Analysis
-
max time kernel
145s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
23-05-2024 00:52
Static task
static1
Behavioral task
behavioral1
Sample
6933dd9b88f8fa5c45e1b64f03d48762_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
6933dd9b88f8fa5c45e1b64f03d48762_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
6933dd9b88f8fa5c45e1b64f03d48762_JaffaCakes118.html
-
Size
83KB
-
MD5
6933dd9b88f8fa5c45e1b64f03d48762
-
SHA1
f3ac91defdf679fd746a48578afc7d2fb75c6b60
-
SHA256
ea287c903800f849a53b47f47fafe958510a7d2d5a5adaa4f67debdba7c4bd43
-
SHA512
c135b455a7e554568498542ea20a1d7b59aa74ed7079867eb88813084f65e5308f7a61dc9e2e148c693e23bd4dec184b6d926b659d97c0d5421dc1a1be5e49f0
-
SSDEEP
1536:LdR0PRsg2o4yUaTR9oasUuI+tqyGEMxztr:LdasgjUad9oasUqtqnEMxztr
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2584 msedge.exe 2584 msedge.exe 1632 msedge.exe 1632 msedge.exe 3692 identity_helper.exe 3692 identity_helper.exe 4520 msedge.exe 4520 msedge.exe 4520 msedge.exe 4520 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1632 wrote to memory of 1696 1632 msedge.exe 84 PID 1632 wrote to memory of 1696 1632 msedge.exe 84 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 3384 1632 msedge.exe 85 PID 1632 wrote to memory of 2584 1632 msedge.exe 86 PID 1632 wrote to memory of 2584 1632 msedge.exe 86 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87 PID 1632 wrote to memory of 2792 1632 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6933dd9b88f8fa5c45e1b64f03d48762_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1632 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1b9846f8,0x7fff1b984708,0x7fff1b9847182⤵PID:1696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:22⤵PID:3384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:82⤵PID:2792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:1452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:5104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 /prefetch:82⤵PID:1748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵PID:2420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵PID:2692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:12⤵PID:3160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:12⤵PID:436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14415931769901331986,18139498544590264031,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4520
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3548
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:520
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA2565009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
-
Filesize
152B
MD5f53207a5ca2ef5c7e976cbb3cb26d870
SHA149a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA25619ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
-
Filesize
1KB
MD51a00fa9caeea2022bc08f42501195ec3
SHA1c1b28753a4216b43c9f4706e647be33bcdb2e8e7
SHA256f9d71c47e9257282dd0a2a2c205b7612955bc6eabe4bcf6624d7284849677fca
SHA51231defa858827b414efb32fcb8219f4b50a9830da9aeecad01fb2962cef31a20bde6aa32c5073d19cabdbf6ac1b72764a0f21a83dce945061be7ff28597e7aecb
-
Filesize
5KB
MD5acc4175ed9922fd3d33bd16810bcfbda
SHA1ce793213c8c554fea134823e814c908056f52bb2
SHA2569bbfe8c797800e1add08670ad53a6380d002aed1a8e64f578acd0069a051bce4
SHA512433cf8d8806902d1fcff82785296e29efb41f45dbe1c18a77afaeae77f20b1bac7562cbd8b0aed627814edd22384ffe450f34b030351e36fef98be170977e753
-
Filesize
6KB
MD547f388f9393f8f0b56c132488bea1b9c
SHA19297c847211d2c4728aed17062f20128b4f44104
SHA256e7bedad1c18b0e43e8710e2592904735152e6a7e1161fb2d0f4ba154dca514fe
SHA512a98ec3f7dc578b9d5f356665d66733391d561cd97f2d8055f2cb0527c2f6f92c9cad67870d0a0bf37a8488d816cdbf79b4206324ec2ddb0fc8a39a7c531d28b3
-
Filesize
6KB
MD52b06b42819564f80a8d95415a133879d
SHA1ea8bd09722b1bde3abd6a85ac333dba5c0104b60
SHA256a61574979500ef861b4d630d82c20f4d00aec7e57a0714ae3fd5072d26930ccf
SHA5128b335850020dc02145f33a31f6a9212185c12f44e0f1d3da800669f4340301e1d1e132ed689229d79582d986038ca01c3162a4ff6e30478d71b53b7eed017114
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD56bc35e88394a3eed0459716e541737f4
SHA185a30f6eccdefdd95195ce1f012dc3e865e025ab
SHA256fdfb1566583bea494d99c779675771db8dbb0de171f085e77f576b29d75f3129
SHA5124f48631fccc222cd638ea486e18292990651260dfa813d5e7dcadf4654f323b5823142e7fe0496d501ee1e2fa1c00ee5bf24456d8ad149758a0fc9f051fbd927