Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 11:42
Static task: static1
Behavioral task: behavioral1
  Sample: 755deaa96d4177304c6c805a61ee92f4_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 755deaa96d4177304c6c805a61ee92f4_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 755deaa96d4177304c6c805a61ee92f4_JaffaCakes118.html
Size: 139KB
MD5: 755deaa96d4177304c6c805a61ee92f4
SHA1: 8b812deb5d5395cc81a1ac02d37cc15094c22a23
SHA256: c16843f5d27c356caae3f2078e393cf65f984d9893253988f5e2a793d327c108
SHA512: 0ae2f2c627a4735aa3fe07c35fc1137041728c413a7286b7fd87024459ea94b73252f67418408e5b9c8e4af0bab9d9dff592305fb224df205c27b7e481464e2b
SSDEEP: 1536:S0bwbf9lmUyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:S0hUyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid    process
  3672   msedge.exe (2 entries)
  3500   msedge.exe (2 entries)
  2012   msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid    process
  3500   msedge.exe (2 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    process
  3500   msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process
  3500   msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  The original listing has 64 rows, all from PID 3500 (msedge.exe); repeated rows for the same target are collapsed here.
  description                          pid    process      procid_target
  PID 3500 wrote to memory of 228      3500   msedge.exe   83   (2 entries)
  PID 3500 wrote to memory of 2624     3500   msedge.exe   84   (repeated entries)
  PID 3500 wrote to memory of 3672     3500   msedge.exe   85   (2 entries)
  PID 3500 wrote to memory of 4656     3500   msedge.exe   86   (repeated entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3500)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\755deaa96d4177304c6c805a61ee92f4_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 228, child of 3500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90ebc46f8,0x7ff90ebc4708,0x7ff90ebc4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2624, child of 3500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2336,1954066895025372458,13698246623051476756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3672, child of 3500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2336,1954066895025372458,13698246623051476756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4656, child of 3500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2336,1954066895025372458,13698246623051476756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2428 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1800, child of 3500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1954066895025372458,13698246623051476756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4888, child of 3500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1954066895025372458,13698246623051476756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2012, child of 3500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2336,1954066895025372458,13698246623051476756,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2648 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 656)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2024)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: c9c4c494f8fba32d95ba2125f00586a3
SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Filesize: 152B
MD5: 4dc6fc5e708279a3310fe55d9c44743d
SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Filesize: 5KB
MD5: 2b8b17c7b6779c7e8036b9131f483b7e
SHA1: 0847d5d87b60e4911688992d3f5b7fe860aa5c98
SHA256: a56f60892296fd8c9c33357284e1e0de531c9eb7d54cfc9b945d6f4cf6ef374c
SHA512: 0e0bcabfae1ed157319d436f986179520aacf2e0c22158f4ef767742ef4fa65c61578168e305d4e8de9b0a8affcc4e8c77ffb22822dd3f71db798d148e24b000

Filesize: 6KB
MD5: c3b32e8777e291af77a86f4a495079e3
SHA1: b45c378a908537a60783ba2b5c2cd65c0941543f
SHA256: ee474648683daad307c6166b0f2cab9a0a31c46f5d6f52a3dcab3c5a03c7116d
SHA512: 6a30ec958b98cd1b1e06cf04541bde07986c10170f7c1986add8a508b515898190f7d24e44dc58d09e7c85742897dd2d5857aa977cfbcb6122748401b15863a8

Filesize: 11KB
MD5: 5b2c35cfc7310f218f089076ba8f1752
SHA1: eedfb4adcc5df85a4bbb09458718e8d206aa8572
SHA256: 24e667e6a460fc7c2e40308a74d04213ae862d449a839395a155b68c7aa7f57d
SHA512: cd72ad4c608579e9943b966fadcd9a48a762ab455164ffa23e9d43695a742e3b88ac350ba7ae210b6680f38fda2f796c34d59504c140370e61ef8fe37fd313df