Analysis

max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 10:42

Static task: static1
Behavioral task behavioral1: sample 7537bae2d9a43feee30b16e828bc2493_JaffaCakes118.html, resource win7-20240220-en
Behavioral task behavioral2: sample 7537bae2d9a43feee30b16e828bc2493_JaffaCakes118.html, resource win10v2004-20240426-en

General

Target: 7537bae2d9a43feee30b16e828bc2493_JaffaCakes118.html
Size: 44KB
MD5: 7537bae2d9a43feee30b16e828bc2493
SHA1: 1bf3f7549eeeba9a647a3755b05529b3aff98e08
SHA256: e6f4ce87119a95df93ad1d0a64efba573aead080889ee47b1e46aca58792c046
SHA512: 7bf6c2aa72309814c26564dac497607355e6995c3d8b1f372710525af8875430f6b39802319271b751e2aa8c889e443f973c5db61ae26d6b1d3382fb324b6e5b
SSDEEP: 768:ZbQULzm1W5ApXgahNfrEf6BaZo2g6ac1hK7giWgK6k8gz8VIyqrRk9fNaj3:W1XshdK9fy3
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              entries
  3012  msedge.exe           2
  3788  msedge.exe           2
  2128  identity_helper.exe  2
  1656  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     entries
  3788  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     entries
  3788  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     entries
  3788  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 3788 wrote to memory of 4480  3788  msedge.exe  83
  PID 3788 wrote to memory of 3280  3788  msedge.exe  84
  PID 3788 wrote to memory of 3012  3788  msedge.exe  85
  PID 3788 wrote to memory of 4228  3788  msedge.exe  86
  The 64 entries are repeats of these four writer-to-target pairs: two each for targets 4480 and 3012, and the remaining 60 for targets 3280 and 4228.

Note: every IoC in this section is raised by msedge.exe (PID 3788 and the child processes it launches) or by identity_helper.exe, and the four WriteProcessMemory targets are the browser's own crashpad (4480), GPU (3280), network-service (3012) and storage-service (4228) children listed under Processes. The BIOS SystemManufacturer/SystemProductName reads are likewise performed by msedge.exe. Nothing in this section is attributed to the HTML content itself; the hits are consistent with Edge's normal multi-process startup and should be read as browser baseline rather than as evidence about the sample.
Processes

PID 3788  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7537bae2d9a43feee30b16e828bc2493_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 4480  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa4b146f8,0x7ffaa4b14708,0x7ffaa4b14718

  PID 3280  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

  PID 3012  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 4228  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8

  PID 4508  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

  PID 408  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

  PID 1120  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

  PID 2128  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 4144  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

  PID 3284  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

  PID 3156  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

  PID 4876  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

  PID 1656  (child of 3788)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,10602157075583487889,17699688246805871084,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 2652  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4216  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
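The Signatures section above lists one IoC line per call (64 for WriteProcessMemory alone), while the process tree holds what is needed to judge those lines: which --type= child each target PID is, and whether that child runs with its sandbox flags off (--service-sandbox-type=none, --disable-gpu-sandbox). The script below is an added example and is not part of this report or of the sandbox that produced it. It embeds an abridged, inline transcript of both sections (long --field-trial-handle and --gpu-preferences values dropped, plus one constructed control line for PID 9999, which does not occur in the report), collapses the raw IoC lines into distinct writer-to-target pairs with counts, classifies every target from its command line, and flags any write whose target is not a --type= child of the browser process.

```python
"""Added example: collapse a sandbox report's per-call IoC lines into distinct
process edges and join them against the process tree.  The data below is an
abridged transcript of this report's Signatures and Processes sections; it is
constructed for the example and is not sandbox output."""
import re
from collections import Counter

# Excerpt of the report's 64 "Suspicious use of WriteProcessMemory" IoC lines.
# Repeats are kept on purpose: the report lists one line per call.
WPM_IOCS = """\
PID 3788 wrote to memory of 4480 3788 msedge.exe 83
PID 3788 wrote to memory of 4480 3788 msedge.exe 83
PID 3788 wrote to memory of 3280 3788 msedge.exe 84
PID 3788 wrote to memory of 3280 3788 msedge.exe 84
PID 3788 wrote to memory of 3280 3788 msedge.exe 84
PID 3788 wrote to memory of 3012 3788 msedge.exe 85
PID 3788 wrote to memory of 3012 3788 msedge.exe 85
PID 3788 wrote to memory of 4228 3788 msedge.exe 86
PID 3788 wrote to memory of 4228 3788 msedge.exe 86
"""

# CONSTRUCTED negative control (PID 9999 does not occur in the report): a write
# into a process that is not in the tree is what triage() should flag.
CONTROL_IOC = "PID 3788 wrote to memory of 9999 3788 msedge.exe 99\n"

# Abridged command lines from the report's process tree.  Long --field-trial-handle
# and --gpu-preferences values are dropped; the flags the classifier reads are kept.
EDGE = r'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
HELPER = r'C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe'
PROCESSES = {
    3788: rf'"{EDGE}" --single-argument C:\Users\Admin\AppData\Local\Temp\7537bae2d9a43feee30b16e828bc2493_JaffaCakes118.html',
    4480: f'"{EDGE}" --type=crashpad-handler --annotation=ver=92.0.902.67 /prefetch:7',
    3280: f'"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=2192 /prefetch:2',
    3012: f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3',
    4228: f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8',
    4508: f'"{EDGE}" --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1',
    1120: f'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8',
    1656: f'"{EDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2',
}

# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>" as the report prints it
WPM_RE = re.compile(r'PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) '
                    r'(?P=src) (?P<image>\S+) (?P<procid_target>\d+)$')
FLAG_RE = re.compile(r'--([\w-]+)(?:=(\S*))?')


def parse_wpm(text):
    """Count raw IoC lines per distinct (writer pid, target pid, writer image)."""
    edges = Counter()
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            edges[(int(m['src']), int(m['dst']), m['image'])] += 1
    return edges


def classify(cmdline):
    """Read Chromium's --type / --utility-sub-type / sandbox flags off a command line."""
    image = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    flags = dict(FLAG_RE.findall(cmdline))
    ptype = flags.get('type', 'browser')          # the browser process carries no --type=
    if ptype == 'utility':
        ptype = 'utility:' + flags.get('utility-sub-type', '?')
    if ptype == 'browser':
        sandbox = 'n/a'
    elif 'disable-gpu-sandbox' in flags or flags.get('service-sandbox-type') == 'none':
        sandbox = 'none'
    else:
        sandbox = flags.get('service-sandbox-type', 'unspecified')
    return {'image': image, 'type': ptype, 'sandbox': sandbox}


def reduced_sandbox(processes):
    """PIDs whose command line switches the Chromium sandbox off for that process."""
    return sorted(pid for pid, cmd in processes.items() if classify(cmd)['sandbox'] == 'none')


def triage(edges, processes):
    """Join WriteProcessMemory edges to the tree.  A write is 'expected' when the
    writer is the browser process and the target is one of its --type= children;
    anything else (unknown target, child-to-child write) deserves a closer look."""
    rows = []
    for (src, dst, image), calls in sorted(edges.items()):
        src_info = classify(processes[src]) if src in processes else None
        dst_info = classify(processes[dst]) if dst in processes else None
        expected = bool(src_info and dst_info
                        and src_info['type'] == 'browser' and dst_info['type'] != 'browser')
        rows.append({
            'src': src, 'dst': dst, 'calls': calls,
            'target': dst_info['type'] if dst_info else 'UNKNOWN (not in tree)',
            'sandbox': dst_info['sandbox'] if dst_info else '?',
            'same_image': bool(dst_info and dst_info['image'].endswith(image)),
            'expected_child': expected,
        })
    return rows


if __name__ == '__main__':
    for row in triage(parse_wpm(WPM_IOCS + CONTROL_IOC), PROCESSES):
        print(row)
    print('sandbox disabled:', reduced_sandbox(PROCESSES))
```

On the report's own lines every edge resolves to a browser-to-child write and the only reduced-sandbox processes are the network service (3012), the GPU process restarted with --disable-gpu-sandbox (1656) and identity_helper.exe (1120); the constructed PID 9999 line is the shape of hit that would warrant pulling the full process tree and memory dumps.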
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
  Filesize  152B
  MD5       ae54e9db2e89f2c54da8cc0bfcbd26bd
  SHA1      a88af6c673609ecbc51a1a60dfbc8577830d2b5d
  SHA256    5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
  SHA512    e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

File 2
  Filesize  152B
  MD5       f53207a5ca2ef5c7e976cbb3cb26d870
  SHA1      49a8cc44f53da77bb3dfb36fc7676ed54675db43
  SHA256    19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
  SHA512    be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

File 3
  Filesize  474B
  MD5       0a8c27b03c0bb7a59332d76457339dc1
  SHA1      b59a375677a5f9e4f509c604d3173669563ce71f
  SHA256    7f038740d0cbcabdb6b791f7766b3ef03e1af5921eb8a2bf3ca119435551a8ad
  SHA512    b9e50f5eac25a35de8ad16d6e036c2398bfaed403ea21b16a517b3e482105ed9fba161881707347e73d23ab9d65b58a18a030b06763af30f73e96a803b220fd1

File 4
  Filesize  5KB
  MD5       3806025f148afe84eb9363008cefc2f8
  SHA1      654f9730745f2691eeeebdaa3859113bc3061cb2
  SHA256    9376c5ee6cf365c0b53da14a7bce1841b9ce4894d9db517d8c88023442e5ae20
  SHA512    a4a711e65d8ca2dc7311e5a82b566a7b0237f1292de45f60640e6e75d4173292558436d3e369cef737c8899249804e5fd7c55764b9d7141b7ac3b5bf5155cd2b

File 5
  Filesize  6KB
  MD5       b05d877047f7194e9787f1339c23b8cc
  SHA1      7f2441afa414e2b7215acce8ed63cef49da8fd16
  SHA256    aab0587be162f44e414c09603be99a8d714ad8b5ef84184da2c77ee84c4d665e
  SHA512    1dcbb6326e48394fbc51d3113e4e826d2e684c4adad00a255ef376cfc002d15a3160d591f8c8b46f58910c398a6c970e4c6c4ce6f5ce5f693840dfa7a348bfbc

File 6
  Filesize  16B
  MD5       6752a1d65b201c13b62ea44016eb221f
  SHA1      58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File 7
  Filesize  11KB
  MD5       9e274e4847894b157deb1048a0421b89
  SHA1      34ffa891169a223622342eafcbb647046e0550e7
  SHA256    5d1d964171c372036a1198e69b9a0ec895cf983fb2239cd44ec933540574f71e
  SHA512    02a478df750031c0d744e35e3fe598e26dfa932e4231c15f9782f7f18fc6a9dfb0ef4cdeca41eb1b6acb6e16d1a65e6144623055997cfe067a5909e460abf8a1