Analysis
- max time kernel: 149s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-05-2024 00:29
Static task: static1
Behavioral task: behavioral1
- Sample: 69257854454df54cbbe8c7be6cbd518a_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 69257854454df54cbbe8c7be6cbd518a_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 69257854454df54cbbe8c7be6cbd518a_JaffaCakes118.html
- Size: 939B
- MD5: 69257854454df54cbbe8c7be6cbd518a
- SHA1: 5875f659d20968eb308f015328d40d1ea0bcbe47
- SHA256: af27f2a9cb6b049c2a5a356b45cb143b86e9551412fd1b7cae0a45e3275c5712
- SHA512: 276f06ac5489579139b78b24dfdb735c0497f322ab610f50c660d8cfbd2e9c7a37f668b11a31cc77b03b5f2b396ebcff226d4fda70d5f38d1d5c19f43aafb598
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description        ioc                                                                   process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid   process              entries
  4476  msedge.exe           2
  3052  msedge.exe           2
  4556  identity_helper.exe  2
  4952  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe
  pid   process     entries
  3052  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid   process     entries
  3052  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid   process     entries
  3052  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description                       pid   process     target process  entries
  PID 3052 wrote to memory of 2444  3052  msedge.exe  msedge.exe      2
  PID 3052 wrote to memory of 3040  3052  msedge.exe  msedge.exe      40
  PID 3052 wrote to memory of 4476  3052  msedge.exe  msedge.exe      2
  PID 3052 wrote to memory of 2512  3052  msedge.exe  msedge.exe      20
Processes
- msedge.exe (PID 3052)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69257854454df54cbbe8c7be6cbd518a_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 2444)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9278146f8,0x7ff927814708,0x7ff927814718
  - msedge.exe (PID 3040)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - msedge.exe (PID 4476)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2512)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - msedge.exe (PID 3968)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  - msedge.exe (PID 4860)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - msedge.exe (PID 380)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  - identity_helper.exe (PID 2768)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  - identity_helper.exe (PID 4556)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  - msedge.exe (PID 3168)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  - msedge.exe (PID 4984)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  - msedge.exe (PID 4952)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3596224380988827355,13493513608277468779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4256)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 2232)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- Filesize: 5KB
  MD5: dd3e58df9ac5bcaa4ef750b44f9c5451
  SHA1: b4bc8a620a467b63429dd41121a2427845d11bd0
  SHA256: 67009158d524b3942245409b04b2189a7c1e963101649a2e0d6b7a163caf0603
  SHA512: 4a638884ec064491e234d2dc5bd68153e6ebe524b960a105e58c79ca4fe8e7cc2a94770e6b6380c67c6d0ad438d5399eeaccf77644f101bef77b9e2d03185756
- Filesize: 6KB
  MD5: 7fd64302505d4641ed34b53285270f61
  SHA1: 49cfe23f06b6c6e5d3f466654eb10bd2ecfbd5b0
  SHA256: 38ea29e2cb23913c9179ca1bb23eb9f5d6183950f93e4a3ff5e0ac3466bd23fc
  SHA512: 96d170770cf863abf1f46d82e969fef5877c6f411253576d29169898b8c0c93f61435faafc8847552899052a7165789d168d0a51d45b35f6648cb321ceac62f6
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 01b41dce6ec127046274174f28215dad
  SHA1: b42fee945c24642835aa59fcea877f70773ff29c
  SHA256: f10ce1fe637f417b7ecd82f6dd38c3631939edec695b5fdf9a21a2d8c8ef1033
  SHA512: e341ac4dc146bec7adf4a1f494116b06d071af7f25b640678fb4bbd640eda53909000a9bf699c05d32db3a8f38632ada0ab381f888d422da6b85373a602f8d44
- Filesize: (not recorded; these are the digests of zero-length input)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e