Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 23/05/2024, 16:23
Static task: static1
Behavioral task: behavioral1
  Sample: 6b89dfed215c441a5cbe854ec04e4195_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 6b89dfed215c441a5cbe854ec04e4195_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 6b89dfed215c441a5cbe854ec04e4195_JaffaCakes118.html
Size: 31KB
MD5: 6b89dfed215c441a5cbe854ec04e4195
SHA1: 3efd13797d893c613b237da9a91508895a95f805
SHA256: e71a8d0b54fb7bf07ddab2708aabcefa60fb7c62a895dd74a5a81cb3d6be4dcf
SHA512: 8956657c2bf8a4d1c050a1301e9152e8ccf63dda9982469fcfb748fe73cdc73b94212a95146ca144c3fceaecbf9e79037abd18194cd4ea3dacec94bdacd48b64
SSDEEP: 768:DVZlgqijI9GgyruFy2rhOR0rbpvRPRYADeSUNnhCyqaUps1EH9FYdGn:DmqijI9GgyruFJhO2rbpvTDeSUNUyqaw
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              hits
  2516  msedge.exe           2
  4396  msedge.exe           2
  1624  identity_helper.exe  2
  3144  msedge.exe           4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     hits
  4396  msedge.exe  6
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     hits
  4396  msedge.exe  25
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     hits
  4396  msedge.exe  24
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4396 wrote to memory of 3616  4396  msedge.exe  82
  PID 4396 wrote to memory of 2852  4396  msedge.exe  84
  PID 4396 wrote to memory of 2516  4396  msedge.exe  85
  PID 4396 wrote to memory of 5000  4396  msedge.exe  86
  (Each row above is repeated many times in the original table; all 64 IoCs are writes from PID 4396 into those four target PIDs, which are its own child processes in the tree below.)
Processes
msedge.exe (PID 4396)
  image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6b89dfed215c441a5cbe854ec04e4195_JaffaCakes118.html
  signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  children:
    msedge.exe (PID 3616) --type=crashpad-handler
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc8f746f8,0x7fffc8f74708,0x7fffc8f74718
    msedge.exe (PID 2852) --type=gpu-process
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
    msedge.exe (PID 2516) --type=utility (network.mojom.NetworkService)
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      signatures:
        - Suspicious behavior: EnumeratesProcesses
    msedge.exe (PID 5000) --type=utility (storage.mojom.StorageService)
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
    msedge.exe (PID 776) --type=renderer
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    msedge.exe (PID 2696) --type=renderer
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    identity_helper.exe (PID 4244) --type=utility (winrt_app_id.mojom.WinrtAppIdService)
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
    identity_helper.exe (PID 1624) --type=utility (winrt_app_id.mojom.WinrtAppIdService)
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
      signatures:
        - Suspicious behavior: EnumeratesProcesses
    msedge.exe (PID 4684) --type=renderer
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    msedge.exe (PID 4688) --type=renderer (instant process)
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    msedge.exe (PID 5012) --type=renderer
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    msedge.exe (PID 4124) --type=renderer (instant process)
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    msedge.exe (PID 3144) --type=gpu-process (GPU sandbox disabled, GL disabled)
      image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16647687191943508623,7990773521753516048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4128 /prefetch:2
      signatures:
        - Suspicious behavior: EnumeratesProcesses
CompPkgSrv.exe (PID 4436)
  image:   C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
CompPkgSrv.exe (PID 4648)
  image:   C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
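Every "Suspicious use of WriteProcessMemory" row in this report is the Edge browser process (PID 4396) writing into a process that the tree shows it spawned itself with a --type flag. Chromium-based browsers launch their helpers (crashpad-handler, gpu-process, utility, renderer) as children and hand them start-up data that way, so this pattern is expected from a browser opening an HTML file; the case worth time is a write into a process the writer did not spawn, or into a different binary. The same goes for the BIOS SystemManufacturer/SystemProductName reads: those values are a staple of VM-detection checks, but here the reader is msedge.exe itself, so the signature is context rather than evidence. The script below is an added example, not part of the sandbox report or of any sandbox tooling: it parses rows in the report's own flattened IoC format, collapses the repeats, and checks each write against a parent/child table. The IoC rows and the PROCESSES table are constructed from the report's tables above (a subset), and HYPOTHETICAL_IOC is an invented row that does not occur in the report, included only to show what a positive result looks like.

```python
"""Triage of WriteProcessMemory IoCs against a sandbox process tree.

Rows in the form "PID <src> wrote to memory of <dst> <pid> <image> <procid_target>"
are collapsed per (writer, target) pair and classified as an expected write
into the writer's own child, a write into a non-child (investigate), or a
target we have no tree entry for.
"""
import re
from collections import Counter

# Constructed from rows of the report's flattened IoC table (a subset of the 64).
WPM_IOCS = """
PID 4396 wrote to memory of 3616 4396 msedge.exe 82
PID 4396 wrote to memory of 3616 4396 msedge.exe 82
PID 4396 wrote to memory of 2852 4396 msedge.exe 84
PID 4396 wrote to memory of 2516 4396 msedge.exe 85
PID 4396 wrote to memory of 5000 4396 msedge.exe 86
"""

# Hypothetical row, NOT present in the report: a write into an unrelated
# top-level service process, used only to exercise the "investigate" branch.
HYPOTHETICAL_IOC = "PID 4396 wrote to memory of 4436 4396 msedge.exe 99\n"

# Constructed from the report's process tree: pid -> (parent pid, image, --type).
PROCESSES = {
    4396: (None, "msedge.exe", "browser"),
    3616: (4396, "msedge.exe", "crashpad-handler"),
    2852: (4396, "msedge.exe", "gpu-process"),
    2516: (4396, "msedge.exe", "utility"),
    5000: (4396, "msedge.exe", "utility"),
    1624: (4396, "identity_helper.exe", "utility"),
    4436: (None, "CompPkgSrv.exe", None),
}

IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<target>\d+)"
)


def parse_wpm_iocs(text):
    """Collapse repeated rows into (writer pid, target pid, writer image) -> count."""
    counts = Counter()
    for m in IOC_RE.finditer(text):
        counts[(int(m["src"]), int(m["dst"]), m["image"])] += 1
    return counts


def classify_writes(iocs, procs):
    """Map (writer, target) to a verdict string using the parent/child table."""
    verdicts = {}
    for (src, dst, image), n in iocs.items():
        info = procs.get(dst)
        if info is None:
            verdicts[(src, dst)] = f"unknown: target {dst} not in process list (x{n})"
            continue
        parent, dst_image, ptype = info
        if parent == src:
            # Writer spawned the target: the Chromium broker-to-helper pattern.
            verdicts[(src, dst)] = f"expected: own child {dst_image} --type={ptype} (x{n})"
        else:
            # Writer is not the target's parent: cross-process write, look closer.
            verdicts[(src, dst)] = f"investigate: write into non-child {dst_image} (x{n})"
    return verdicts


def summarize(text, procs=PROCESSES):
    """Parse and classify in one step."""
    return classify_writes(parse_wpm_iocs(text), procs)


if __name__ == "__main__":
    for key, verdict in sorted(summarize(WPM_IOCS + HYPOTHETICAL_IOC).items()):
        print(key, verdict)
```

Run against the five constructed rows, every pair comes back "expected"; only the invented row targeting CompPkgSrv.exe (PID 4436, a top-level process in the tree) is flagged. In a real triage the PROCESSES table would be filled from the report's process tree rather than typed by hand, and a "writer is a browser, target is a non-child" hit would be the one to pivot on.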
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
  MD5:    4f7152bc5a1a715ef481e37d1c791959
  SHA1:   c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
  SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
  SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c
Filesize: 152B
  MD5:    ea98e583ad99df195d29aa066204ab56
  SHA1:   f89398664af0179641aa0138b337097b617cb2db
  SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
  SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f
Filesize: 5KB
  MD5:    4b316090e9f21e8ab21e0195675cb876
  SHA1:   bf6c9903acbf82d4d12a4a07a29d4ba3c446e5e5
  SHA256: f37e45cf0aa78c62e4bea54ea3b71ae05a449206e8bdab922f8cdba09fbe5e5e
  SHA512: 84c175a7035b200450e5d474d9b8fa94cd1f9a548bb488021872df95fee251808eb6aedd6a082b532a6bd1386b5c88c4d3debf3056708f47e23810660f56d6c2
Filesize: 6KB
  MD5:    188784267bf46da8691dd0c15d6909b9
  SHA1:   de60b7f76fb99ae1db665c589e64d7066531052b
  SHA256: 99105764fee9147987d1784395ca4b69c2ab2a593db82038c193c0173cb35a56
  SHA512: 4b90bc5f4370c3931cfcc1469eee881844185a0b0be59d8272887233eae67cc5a278f42ab5a132c9d14703166ab5699601926bdf747f3985e08e5d060c0b2c65
Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
Filesize: 11KB
  MD5:    bae5681756cb004f1be7864cfc5a98bd
  SHA1:   7c6c36cb156d74cd76da19bb50199ee175aa7fba
  SHA256: eb7a79ae50f5592f4fe3bf2c295d4eed4898d30402c944a849f07a7e735fcf46
  SHA512: 89e0204993651bed4a6cb2e35a91466feef010c3a0a5a15db281ec75024bb04ff01f33ee91908c3b6a15b8f91a879c78a4f13c4060f0fbe0df9a53184929f7df