Analysis

max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/05/2024, 14:43

Static task: static1
Behavioral task: behavioral1
  Sample: 724dc101b1515447aab78f52b98f0e30_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 724dc101b1515447aab78f52b98f0e30_JaffaCakes118.html
  Resource: win10v2004-20240426-en

General

Target: 724dc101b1515447aab78f52b98f0e30_JaffaCakes118.html
Size: 37KB
MD5: 724dc101b1515447aab78f52b98f0e30
SHA1: 75b73e54e0ba4af3f7dfa87c5ab7936d30be2e51
SHA256: b1db440f1c3dc8d8c3d52e2471eb134078f5b5a89e346feae51dadae1fc2219f
SHA512: 31fccb036f76db540fa406176d893818f428102d743eab13afeaa9e61834bcd25475a16d619f2d2f8d86a86b10f7aacefe0acaa170c118e6f019055ec106cd9e
SSDEEP: 768:Y/bVoRTW81D4RA+vEOjz6rdG2Gil54RZfPGnf3Gu34aci6781DdRA4vEOjq6h8at:nRTW81D4RA+vEOjz6raA7IarC81DdRAW
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description          ioc                                                                    process
  Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid    process               rows
  3332   msedge.exe            2
  1348   msedge.exe            3
  4520   identity_helper.exe   2
  2232   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    process      rows
  1348   msedge.exe   6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    process      rows
  1348   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process      rows
  1348   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
  Every row is PID 1348 (msedge.exe, the top-level Edge process) writing into one of its own child processes. The report lists one row per write; the distinct source/target pairs are collapsed here. 3280 and 3332 have two rows each; the remaining 60 rows are writes into 4132 and 4744.
  description                          pid    process      procid_target
  PID 1348 wrote to memory of 3280     1348   msedge.exe   85
  PID 1348 wrote to memory of 4132     1348   msedge.exe   86
  PID 1348 wrote to memory of 3332     1348   msedge.exe   87
  PID 1348 wrote to memory of 4744     1348   msedge.exe   88
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1348)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\724dc101b1515447aab78f52b98f0e30_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3280)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa445a46f8,0x7ffa445a4708,0x7ffa445a4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4132)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3332)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4744)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1228)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4236)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 1772)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4520)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4568)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2344)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1640)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2244)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2232)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10210156081814035627,14662369296614297292,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4232)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 2700)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
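The WriteProcessMemory signature above fires 64 times, yet every row is the top-level Edge process (PID 1348) writing into a child it spawned itself (crashpad handler, GPU process, network and storage services). That is the normal shape of a Chromium multi-process launch, and the question a triager actually wants answered is whether any write breaks that shape: a renderer or utility process as the writer, or a target outside the browser's own children. The script below is an added example, not part of this report or of the sandbox's tooling. The process list and the IoC lines are reconstructed from the report (command lines trimmed to the flags the example reads); the `PID <src> wrote to memory of <dst> ...` line format is assumed for the example, and one synthetic line that is NOT in the report is included to show what a flagged write looks like.

```python
"""
Triage helper: decide whether WriteProcessMemory IoCs from a sandbox report
match Chromium's normal parent-to-child launch pattern or look like injection.
Sample data is constructed from the report above; see the comments.
"""
import re
from collections import Counter

# Constructed from the report's process tree: (pid, parent_pid, image, cmdline).
# parent_pid follows the tree nesting; command lines keep only the flags used here.
PROCESS_TREE = [
    (1348, None, "msedge.exe", r"msedge.exe --single-argument C:\Users\Admin\AppData\Local\Temp\724dc101b1515447aab78f52b98f0e30_JaffaCakes118.html"),
    (3280, 1348, "msedge.exe", "msedge.exe --type=crashpad-handler"),
    (4132, 1348, "msedge.exe", "msedge.exe --type=gpu-process --mojo-platform-channel-handle=2104"),
    (3332, 1348, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (4744, 1348, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (1228, 1348, "msedge.exe", "msedge.exe --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations"),
    (4520, 1348, "identity_helper.exe", "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (4232, None, "CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# Rows copied from the report's WriteProcessMemory table (the report repeats a
# pair once per write; only a handful of rows are reproduced here).
REPORT_WRITE_LINES = [
    "PID 1348 wrote to memory of 3280 1348 msedge.exe 85",
    "PID 1348 wrote to memory of 3280 1348 msedge.exe 85",
    "PID 1348 wrote to memory of 4132 1348 msedge.exe 86",
    "PID 1348 wrote to memory of 3332 1348 msedge.exe 87",
    "PID 1348 wrote to memory of 4744 1348 msedge.exe 88",
]

# Synthetic row, NOT present in the report: a renderer writing into an
# unrelated process, which is the shape a real injection would take.
SYNTHETIC_INJECTION_LINE = "PID 1228 wrote to memory of 4232 1228 msedge.exe 99"

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
FLAG_RE = re.compile(r"--([A-Za-z0-9-]+)(?:=(\S*))?")


def parse_cmdline(cmdline):
    """Derive a Chromium process's role from its flags.

    No --type means the browser (launcher) process; every other role is a
    child it spawned. --service-sandbox-type records which sandbox policy a
    utility process was started under, which is worth surfacing on its own.
    """
    flags = dict(FLAG_RE.findall(cmdline))
    return {
        "type": flags.get("type") or "browser",
        "sub_type": flags.get("utility-sub-type"),
        "sandbox": flags.get("service-sandbox-type"),
        "v8_mitigations_off": "no-v8-untrusted-code-mitigations" in flags,
    }


def parse_write_iocs(lines):
    """Turn 'PID <src> wrote to memory of <dst> ...' rows into (src, dst) pairs."""
    pairs = []
    for line in lines:
        m = WRITE_RE.match(line.strip())
        if m:
            pairs.append((int(m.group(1)), int(m.group(2))))
    return pairs


def classify_writes(tree, pairs):
    """Label each (src, dst) write 'expected' or 'suspicious'.

    Expected: the browser process writing into a process it spawned, which is
    how every row in this report looks. Anything else (renderer/utility as the
    writer, or a target that is not the writer's own child) gets a reason list.
    """
    info = {pid: (ppid, image, parse_cmdline(cmd)) for pid, ppid, image, cmd in tree}
    results = []
    for src, dst in pairs:
        _, _, src_role = info.get(src, (None, "<unknown>", {"type": "<unknown>"}))
        dst_ppid, dst_image, _ = info.get(dst, (None, "<unknown>", None))
        reasons = []
        if src_role["type"] != "browser":
            reasons.append(f"writer {src} is a {src_role['type']} process, not the browser")
        if dst_ppid != src:
            reasons.append(f"target {dst} ({dst_image}) is not a child of {src}")
        results.append({"src": src, "dst": dst,
                        "verdict": "suspicious" if reasons else "expected",
                        "reasons": reasons})
    return results


def summarize(results):
    """Collapse repeated pairs (as the report's table should have) and count verdicts."""
    return {"pairs": dict(Counter((r["src"], r["dst"]) for r in results)),
            "verdicts": dict(Counter(r["verdict"] for r in results))}


if __name__ == "__main__":
    rows = classify_writes(PROCESS_TREE, parse_write_iocs(REPORT_WRITE_LINES + [SYNTHETIC_INJECTION_LINE]))
    for r in rows:
        print(f"{r['verdict']:10s} {r['src']} -> {r['dst']}  {'; '.join(r['reasons'])}")
    print(summarize(rows))
```

Run as-is, the five report rows come back `expected` and only the synthetic renderer-to-CompPkgSrv.exe row is flagged, with both reasons attached. The same parent/child check is what separates this report's 64 benign rows from a genuine injection; the per-process `sandbox` and `v8_mitigations_off` fields are there because `--service-sandbox-type=none` and `--no-v8-untrusted-code-mitigations` are the flags a triager should read next when a Chromium tree does look wrong.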
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 537815e7cc5c694912ac0308147852e4
  SHA1: 2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

- Filesize: 152B
  MD5: 8b167567021ccb1a9fdf073fa9112ef0
  SHA1: 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

- Filesize: 724B
  MD5: d4710fbfe671ab7606c637ce2fc0c851
  SHA1: f72a4e36a7528ec20690d002d7ab3b1ad8a8e6e2
  SHA256: 621e3a3a7a577ad60587bf6312775a05a452f2b2a030c58856ace6a3ab794ddd
  SHA512: a901f871dea0529ec5dccf4899209d581423bd1ed140a2c8f0236210dd8478cc2a43b7f86093ede0704e38896b7e3d4ff78036c238a14e455acd3c91e2982d3a

- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

- Filesize: 6KB
  MD5: 023db7ff238dea77f04deb517192e4cc
  SHA1: 0106aca96f8d0c1da3558271067cd598f6f1b0af
  SHA256: 1d3a5479c602e49ca2fbcb66c69f799ee59abef25e2ad23c5a83e2ae61824349
  SHA512: ef5a9a7f4c450e69a147ff5b3ad0b27348f01f24f01a0645bebf029bd558f311888a6e1eb83424876b17839c4ea6185c151f5fc036a2021607823dc6acec04e5

- Filesize: 5KB
  MD5: 12512f5f981880fa990c445cd63342c9
  SHA1: 4a0ad13c070a515b1114b9d5a1e9ccf20999bdf9
  SHA256: eaa1aa3526104ea76eaa979b2c7cb3de7ae450391b6c5f0915a24b857b933b0c
  SHA512: 964cb6fea60538707e616d80f0150c35f30b685ca8dd1ce450aa4d073ed51c583e7368a757ad753754727a6614e8e565ad947f5620e7325f1b1d8a2b14711729

- Filesize: 6KB
  MD5: 0512a7b7449bffcecc2502e312d801d0
  SHA1: 300ff086d6f419bcc1ff14f767648875b935e20b
  SHA256: cf2c3a40f37fd65485114dc72231b19d50450508ee588910f48b159abbb15501
  SHA512: 0895ca53f6a3df66a34fa37dc51e2c1e04b0fe917a0259c5aebd1653c32e12573d05edfcc56e92820e38496756a9553e45e22a34a1d547c620c9c8ac27b4e361

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 95b6aded5f34ff30b64259caa6c76545
  SHA1: 507c74724d8d66856e31cdc218c137e02d89121f
  SHA256: 20927589889ee9483c4ae32ce43e95e87b814b6ab627b0cdf5128f743ca93eab
  SHA512: 2e7c1b9ecd0b7cc9ed180a3af67347e8ce78a343992a1cc88c3b97dfa24767724298e1ba515ada6b7e2e1fd34d5255ae79b0b65a4b6c9bfdac93e3581d39ef7a