Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 03:16
Static task: static1
Behavioral task: behavioral1
  Sample: 742b134474113f83576f58cf1fcc517d_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 742b134474113f83576f58cf1fcc517d_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 742b134474113f83576f58cf1fcc517d_JaffaCakes118.html
Size: 36KB
MD5: 742b134474113f83576f58cf1fcc517d
SHA1: cfde49a436ac358398a294355620ccfa86bcac28
SHA256: 3195738076ea73bf95dc162fa8d0b099c12c0b9d08dafc32c0f0f78cad243c82
SHA512: 4cc9f06dde85de3c063c2bd9f61e1c92a68b893196253376cdee56201d67a2545028ec5d137faae5e6274fa0427c0fab3dc3e3a11d3043c475d7a82466c125ab
SSDEEP: 768:zwx/MDTHcm88hARMZPXrE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOg6f9U56lLRm:Q/rbJxNVNufSM/P8vK
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process
  4476  msedge.exe (2 entries)
  3312  msedge.exe (2 entries)
  4608  identity_helper.exe (2 entries)
  3640  msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process
  3312  msedge.exe (all 6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process
  3312  msedge.exe (all 25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process
  3312  msedge.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target (distinct rows; the report repeats each row)
  PID 3312 wrote to memory of 1848  3312  msedge.exe  83 (2 entries)
  PID 3312 wrote to memory of 864  3312  msedge.exe  84 (repeated entries)
  PID 3312 wrote to memory of 4476  3312  msedge.exe  85 (2 entries)
  PID 3312 wrote to memory of 1404  3312  msedge.exe  86 (repeated entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3312)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742b134474113f83576f58cf1fcc517d_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1848)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe8b946f8,0x7fffe8b94708,0x7fffe8b94718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 864)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4476)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1404)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2032)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1808)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 876)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4608)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4428)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1704)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4880)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4512)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3640)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 872)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 816)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads