Analysis
- max time kernel: 145s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/05/2024, 03:16

Tasks
- Static task: static1
- Behavioral task behavioral1: sample 742b30896cfa9e504c8eef22d5727273_JaffaCakes118.html, resource win7-20240221-en
- Behavioral task behavioral2: sample 742b30896cfa9e504c8eef22d5727273_JaffaCakes118.html, resource win10v2004-20240508-en
General
- Target: 742b30896cfa9e504c8eef22d5727273_JaffaCakes118.html
- Size: 461KB
- MD5: 742b30896cfa9e504c8eef22d5727273
- SHA1: ffc7949fc0528f207567e5f9d34926bd1afb52b8
- SHA256: 4e65ae1d4f8b50fee922ead40d4d985a71257549c123b92b32bd5ce560804c77
- SHA512: 004ffe3fccec2afac33609c61e3a9101c5e02c33ec4f4f7eab66ab46a233d93eda248a3640bb977db591feeac276cd887111c1ab504334e92e9a124cfa782127
- SSDEEP: 6144:SRsMYod+X3oI+YpQysMYod+X3oI+YfsMYod+X3oI+YLsMYod+X3oI+YQ:e5d+X3D5d+X3x5d+X315d+X3+
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4640 | msedge.exe (2 entries)
  952 | msedge.exe (2 entries)
  3212 | identity_helper.exe (2 entries)
  1272 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  952 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  952 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  952 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 952 wrote to memory of 772 | 952 | msedge.exe | 83
  PID 952 wrote to memory of 3952 | 952 | msedge.exe | 84
  PID 952 wrote to memory of 4640 | 952 | msedge.exe | 85
  PID 952 wrote to memory of 3492 | 952 | msedge.exe | 86
  (each row above is repeated many times in the original table, one entry per write; duplicate rows are collapsed here and the 64 entries all have parent PID 952)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 952)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742b30896cfa9e504c8eef22d5727273_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 772)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2260)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2424)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1272)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,14388605361992981312,11957246993894231706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 2856)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3204)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads