Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system -
submitted
24/05/2024, 14:24
Static task
static1
Behavioral task
behavioral1
Sample
6ed32e29a8d7f61343ba26b0a048c0d8_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
6ed32e29a8d7f61343ba26b0a048c0d8_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
6ed32e29a8d7f61343ba26b0a048c0d8_JaffaCakes118.html
-
Size
25KB
-
MD5
6ed32e29a8d7f61343ba26b0a048c0d8
-
SHA1
9eb6d54d13d9905cd02e1dc5d6e4f40a5dd43e71
-
SHA256
ccf217245bd911d6e2d9cb8de888f5705242964d3553380deeb1bc0a610693ba
-
SHA512
3a332263f46260f2da7c56478a06f8cc33a24ea290e0302810c53afb7c776ae0bc70de540e0050bc6e0c1e47cd9fe908f68a1ab43b8a57a4c4d273c9afcd9f8e
-
SSDEEP
768:IRdqBj81ZamhnBtTwGXTj4BTsHKb8TG+hSKOhz:FUJhnBtTwGXTj4FsHKkb8Kc
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
All three reads are made by the browser process itself. Script in an HTML document has no registry access, so this is Edge reading the machine's manufacturer and model string, not behaviour introduced by the sample; the sandbox flags it because the same two values are what VM-detection code typically inspects.
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
4716  msedge.exe (x2)
1464  msedge.exe (x2)
924   identity_helper.exe (x2)
2644  msedge.exe (x4)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid   Process
1464  msedge.exe (x6)
Chromium launches its sandboxed children with the process-creation mitigation that only allows Microsoft-signed DLLs to load into them (its Code Integrity Guard hardening), so this signature on the browser PID is the normal child-launch path, not evidence of injection.
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid   Process
1464  msedge.exe (x25)
-
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process
1464  msedge.exe (x24)
-
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   Process     procid_target
PID 1464 wrote to memory of 4220  1464  msedge.exe  82
PID 1464 wrote to memory of 4860  1464  msedge.exe  83
PID 1464 wrote to memory of 4716  1464  msedge.exe  84
PID 1464 wrote to memory of 3556  1464  msedge.exe  85
(64 records in total; the sandbox logs every write separately and each record is a repeat of one of the four rows above.)
Every write goes from the browser process into a child it has just launched (crashpad handler 4220, GPU process 4860, network service 4716, storage service 3556). That is the pattern of Chromium's sandbox broker, which writes its policy into each suspended child before resuming it; there is no write into any process outside the Edge tree.
Processes
-
Top-level processes are flush left; indented entries are children of the process above them (the report's depth markers).

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:1464
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6ed32e29a8d7f61343ba26b0a048c0d8_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4220
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4860
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4716
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3556
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4488
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:620
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID:4112
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID:924
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4748
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3584
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3668
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2664
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2644
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2644281902728070913,13835621995339367998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  PID:4032
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  PID:4636
  C:\Windows\System32\CompPkgSrv.exe -Embedding
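The process list and the WriteProcessMemory records above are what an analyst actually has to read to decide whether the "suspicious" signatures mean anything on an HTML sample. The script below is an added example (editor's code, not part of this report, of the sandbox, or of Microsoft Edge) that parses both in the flattened form the report uses and separates Chromium's normal multi-process launch from the two things that would matter: an Edge process spawning a child from outside its own install directory, and a cross-process write whose writer is not the target's parent. It assumes EDGE_DIR as the allow-listed install directory; the sample records are constructed from the report's own PIDs and command lines (flag lists shortened), and the dropper entry is hypothetical, included only so the path check has something to fire on.

```python
import re
import ntpath
from collections import Counter, defaultdict

# Assumption (editor's, not the report's): a stock Edge install keeps every
# helper it launches under this directory, msedge.exe and identity_helper.exe alike.
EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# Constructed sample from the report's process list: (depth, pid, command line)
# in report order; depth 1 is top level, depth 2 a child of the last depth-1
# entry.  Long flag lists and the sample file name are shortened.
SAMPLE_PROCESSES = [
    (1, 1464, EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html"),
    (2, 4220, EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (2, 4860, EDGE + " --type=gpu-process --mojo-platform-channel-handle=2200 /prefetch:2"),
    (2, 4716, EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3"),
    (2, 3556, EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8"),
    (2, 4488, EDGE + " --type=renderer --lang=en-US --renderer-client-id=6 /prefetch:1"),
    (2, 924, r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'
             " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8"),
    (2, 2644, EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2"),
    (1, 4032, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]
# Hypothetical child that is NOT in the report, so the path check has something to fire on.
HYPOTHETICAL_DROPPER = (2, 9999, r'"C:\Users\Admin\AppData\Local\Temp\update.exe" /quiet')

# A few of the report's 64 WriteProcessMemory records, in the report's flattened
# layout (one record is split across a line break, as it is on the page).
SAMPLE_WPM = """
PID 1464 wrote to memory of 4220 1464 msedge.exe 82
PID 1464 wrote to memory of 4220 1464 msedge.exe 82
PID 1464 wrote to memory of 4860 1464
msedge.exe 83
PID 1464 wrote to memory of 4716 1464 msedge.exe 84
PID 1464 wrote to memory of 3556 1464 msedge.exe 85
"""

TOKEN_RE = re.compile(r'"[^"]*"|\S+')
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)\s+(\d+)\s+(\S+)\s+(\d+)")


def parse_cmdline(cmd):
    """Image path plus the Chromium --flags that matter for sandbox triage."""
    toks = [t.strip('"') for t in TOKEN_RE.findall(cmd)]
    info = {"image": toks[0], "type": None, "sub_type": None, "sandbox": None, "flags": set()}
    for tok in toks[1:]:
        if not tok.startswith("--"):
            continue  # /prefetch:N, -Embedding and file arguments
        key, _, val = tok[2:].partition("=")
        info["flags"].add(key)
        if key == "type":
            info["type"] = val
        elif key == "utility-sub-type":
            info["sub_type"] = val
        elif key == "service-sandbox-type":
            info["sandbox"] = val
    return info


def under_edge_dir(path):
    return ntpath.normcase(path).startswith(ntpath.normcase(EDGE_DIR) + "\\")


def triage(processes):
    """Return (tree, findings); tree maps pid -> parent pid (None at top level)."""
    last_at_depth, tree, image, findings = {}, {}, {}, defaultdict(list)
    for depth, pid, cmd in processes:
        info = parse_cmdline(cmd)
        parent = last_at_depth.get(depth - 1)
        last_at_depth[depth] = pid
        tree[pid], image[pid] = parent, info["image"]
        if parent is None:
            findings["top_level"].append((pid, ntpath.basename(info["image"])))
            continue
        # The finding that would matter on an HTML sample: an Edge process
        # spawning something from outside its own install directory.
        if under_edge_dir(image[parent]) and not under_edge_dir(info["image"]):
            findings["child_outside_edge_dir"].append((pid, info["image"]))
        # These are Edge's own launch flags, nothing a web page can set, but worth
        # listing: an unsandboxed service is what a renderer bug would pivot through.
        if info["sandbox"] == "none":
            findings["unsandboxed_service"].append((pid, info["type"], info["sub_type"]))
        if "disable-gpu-sandbox" in info["flags"]:
            findings["gpu_sandbox_disabled"].append(pid)
    return tree, dict(findings)


def parse_wpm(text):
    """writer pid -> Counter of target pids, from the report's WPM records."""
    writes = defaultdict(Counter)
    for writer, target, _pid, _image, _tid in WPM_RE.findall(text):
        writes[int(writer)][int(target)] += 1
    return writes


def unexpected_writes(writes, tree):
    """Cross-process writes whose writer is not the target's parent.  Chromium's
    sandbox broker writes into each suspended child before resuming it, so
    parent -> child is the launch pattern; a write anywhere else is not."""
    return sorted((w, t) for w, targets in writes.items() for t in targets if tree.get(t) != w)


if __name__ == "__main__":
    tree, findings = triage(SAMPLE_PROCESSES)
    print(findings, unexpected_writes(parse_wpm(SAMPLE_WPM), tree))
    print(triage(SAMPLE_PROCESSES[:-1] + [HYPOTHETICAL_DROPPER, SAMPLE_PROCESSES[-1]])[1]["child_outside_edge_dir"])
```

On the report's own tree this yields no child outside the Edge directory and no write that is not parent-to-child; the only listed items are the two services running with --service-sandbox-type=none and the second GPU process launched with --disable-gpu-sandbox, all of which come from Edge's command lines rather than from the sample. Only the hypothetical dropper entry triggers the path check.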
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 152B
MD5    a8e767fd33edd97d306efb6905f93252
SHA1   a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize 152B
MD5    439b5e04ca18c7fb02cf406e6eb24167
SHA1   e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
Filesize 189B
MD5    443319881835b14fda88caab9945e84c
SHA1   adb420bd20774e8eabc4d3d53ecfccb20ae7cb54
SHA256 fd79d0831e92ccbffc20eed3a0d07b39a121b4f3be4f720d2981fdd2e7b5b8da
SHA512 39c2c7fd638c04ce244473831d3dc8175e8e9ecb9a0df38370300233202d7d7fa9166912b8d97b34efd7b90eab6da376191e1c5c9ce253e96c9686b886ab29fb
-
Filesize 5KB
MD5    1c7e173a06a2021a6c8f42868b975553
SHA1   64190ad40eb0d814e126acd3d766113b8d6d9e24
SHA256 19b94d4dde5e3fd9552458d4f165e61e82e7d87029044ff33c4750307509cc8b
SHA512 7549cf086439acd6cb7fbabaf28ec6f659019f20cb9c4d40dd59d0d20d7a02e1fac5b5d857cbbde620a4f69614b86fe8fce1ae3bc830b089407a7b84e67d331a
-
Filesize 6KB
MD5    4da8c02c750d4f03a675ecfe465923a1
SHA1   af6bd3fdeab3c00396572578c36c373d5057c38f
SHA256 59825def6417ddf579ae418b17ea675d3a718eaf9e940572a180d1d6709a771e
SHA512 71e1aefce7d0d730283195a9395dae61fbb834f247092b7cdbb84e7d575fbdec85cc750d5812c9ca6de315e611503af8abed737878a69ea2635fbd97b965da8c
-
Filesize 6KB
MD5    f3e44d913f6abee9bdac6e2c230f4981
SHA1   b6b447e2702346347eea6002a2c8ffeff0fea527
SHA256 8522cb795ad9de6d1f9bb112d3e94657e5801c3dd0c3672e92b8beaae954d18b
SHA512 06c54d9792667788e46a5b3991e123db7b869d6f0aa7312b6e1f9df7b7b543e84b898b74ea88ad451195db057fe861fc1b17845598713de979f43619e3cf2a40
-
Filesize 16B
MD5    6752a1d65b201c13b62ea44016eb221f
SHA1   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize 11KB
MD5    68922fb148ce54d0e0a260971da07b31
SHA1   6b8e44d07446be2fcc832ad67fe23da4fa5fa976
SHA256 ca98beadb83d8c096a653b1c46bb1e4597c89d060ae9f8d99fc4bf95a59f2d99
SHA512 63903a59423ef6af488a2c25aca5b7d9601c6e20881a115ff2176a9de73854b380efce3acac9af3ddba998dcbe4f625964da2dab736b109871e056f236917890