Analysis

max time kernel: 145s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-05-2024 15:52

Static task: static1

Behavioral task: behavioral1
  Sample: 75feaacaf8d291f66d9ef283f8704b10_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 75feaacaf8d291f66d9ef283f8704b10_JaffaCakes118.html
  Resource: win10v2004-20240508-en

General

Target: 75feaacaf8d291f66d9ef283f8704b10_JaffaCakes118.html
Size: 20KB
MD5: 75feaacaf8d291f66d9ef283f8704b10
SHA1: 67bc659522deca0507e9cee13bfbf3812c2bf17f
SHA256: 7829be75d61b1b6c44f9e2f842c42336105f165e8adb71dc05e14c9325829fa2
SHA512: 4f68b325c0c8ee5eb12d24f85d75125f498e5d2e8e14b2d5e603c4231bbac2d6d289fa62b91ce9f29c8e3adafff4e86269da946c708c973be189134e8d438b1c
SSDEEP: 384:P1pUBvSp+OAUDHJMT0gy0mWSfEYkeeAFQ:9pU0pjA4HJedyjWykgFQ
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2200  msedge.exe (2 entries)
  3360  msedge.exe (2 entries)
  3148  identity_helper.exe (2 entries)
  3908  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid   Process
  3360  msedge.exe (11 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3360  msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3360  msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 3360 wrote to memory of 2372   3360  msedge.exe  84
  PID 3360 wrote to memory of 4388   3360  msedge.exe  85
  PID 3360 wrote to memory of 2200   3360  msedge.exe  86
  PID 3360 wrote to memory of 4784   3360  msedge.exe  87
  (The 64 entries are repeats of these four rows; all writes originate from msedge.exe PID 3360.)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\75feaacaf8d291f66d9ef283f8704b10_JaffaCakes118.html
  Depth: 1
  PID: 3360
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffd421f46f8,0x7ffd421f4708,0x7ffd421f4718
    Depth: 2
    PID: 2372

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    Depth: 2
    PID: 4388

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    Depth: 2
    PID: 2200
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    Depth: 2
    PID: 4784

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    Depth: 2
    PID: 832

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    Depth: 2
    PID: 4880

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
    Depth: 2
    PID: 2556

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
    Depth: 2
    PID: 4860

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    Depth: 2
    PID: 3872

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
    Depth: 2
    PID: 4184

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
    Depth: 2
    PID: 3148
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
    Depth: 2
    PID: 3000

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
    Depth: 2
    PID: 3240

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    Depth: 2
    PID: 4684

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    Depth: 2
    PID: 2412

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
    Depth: 2
    PID: 3040

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
    Depth: 2
    PID: 2216

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11398260710145384990,15570896307798650380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 /prefetch:2
    Depth: 2
    PID: 3908
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Depth: 1
  PID: 2156

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Depth: 1
  PID: 4232
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 56641592f6e69f5f5fb06f2319384490
SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Filesize: 152B
MD5: 612a6c4247ef652299b376221c984213
SHA1: d306f3b16bde39708aa862aee372345feb559750
SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4237c639-b8bc-45c8-8b20-65a923534c2c.tmp
Filesize: 6KB
MD5: 0e6bf3da354cc8968eac9a2dc1c551fc
SHA1: de506fecfb6cb78d08799cbf6813e75150b09706
SHA256: a49bae7e0c14c5e3d5a6e2a3a691c465c49f52d3c522726521e5acb5b90c2280
SHA512: a065dc2f43d25f5d929c8cbbecdd6cdcc2d32a7d5f705f813f31666bd1695b0a71925b34dccb24e971366847409820c2d237cf146ecc2db59acf78cce286f6ec

Filesize: 5KB
MD5: 44dded54c794885a311457ffe383f750
SHA1: a8844145d741f5c96fd521df986e1fcdd71a60f5
SHA256: fe7d7fc3e4dc7abc6eaa9539e417e429d9820bbaa09627f5e0a37de4fa51506b
SHA512: 7ca01d281a7c475f82efe69b19a96f8fdd99e82dd7fa9debbcd9de17c6d4f2ccd2900bccc4240c55b70e6b97b70f823d985f7dee171569c8468f6a39a24e868e

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 79130b2d520f572c726bcb4ae0442e68
SHA1: 2ea6e5370e2dae95db0864f684dd16b6315b3e7a
SHA256: 5f8377d832b959ae90d29fa9f12d35d5c3228f38ff1ddfc98f6a03d1dfadb654
SHA512: be7a4769a5f70ef65c1ba9cfc26f51241daba41005384076083c2067a86ae7964e3af5a3c58354efd6cf6be1fa0561bc742a141cf94d1e7b3a01994f69fa0f13