Analysis
- max time kernel: 145s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/05/2024, 11:39
Static task: static1
Behavioral task: behavioral1
- Sample: 790745e107e6ee354f58d0315f116fa6_JaffaCakes118.html
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 790745e107e6ee354f58d0315f116fa6_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 790745e107e6ee354f58d0315f116fa6_JaffaCakes118.html
- Size: 213KB
- MD5: 790745e107e6ee354f58d0315f116fa6
- SHA1: 6bd5dec3cf57e27130152c8458c8aed978b76d02
- SHA256: a7649b2d10558ef34f24a40feafd0d2b4c96d89a03cd617d9a3a88beb3b4e2ad
- SHA512: 58d41858143c49fb95abcd664fae6d9ad76d45aab6f7eaa4fb447698a2d1d8cad670239fe84735da2bd5f11f5364f179c5999fa4894688a4acf6e4eb63b8f8f4
- SSDEEP: 3072:Sv44iTmVCX1WuyfkMY+BES09JXAnyrZalI+YQ:Sv6aLsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid  | Process
  3184 | msedge.exe
  3184 | msedge.exe
  3588 | msedge.exe
  3588 | msedge.exe
  2760 | msedge.exe
  2760 | msedge.exe
  2760 | msedge.exe
  2760 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  | Process
  3588 | msedge.exe
  3588 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
pid Process 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe -
- Suspicious use of SendNotifyMessage (24 IoCs)
pid Process 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe 3588 msedge.exe -
- Suspicious use of WriteProcessMemory (64 IoCs)
description pid Process procid_target PID 3588 wrote to memory of 4684 3588 msedge.exe 82 PID 3588 wrote to memory of 4684 3588 msedge.exe 82 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 
msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 5528 3588 msedge.exe 83 PID 3588 wrote to memory of 3184 3588 msedge.exe 84 PID 3588 wrote to memory of 3184 3588 msedge.exe 84 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85 PID 3588 wrote to memory of 1868 3588 msedge.exe 85
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\790745e107e6ee354f58d0315f116fa6_JaffaCakes118.html
  PID: 3588
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a4f946f8,0x7ff9a4f94708,0x7ff9a4f94718
    PID: 4684
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6124905194715180731,15727415817170553381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    PID: 5528
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6124905194715180731,15727415817170553381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    PID: 3184
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6124905194715180731,15727415817170553381,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
    PID: 1868
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6124905194715180731,15727415817170553381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
    PID: 4144
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6124905194715180731,15727415817170553381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 2644
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6124905194715180731,15727415817170553381,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
    PID: 2760
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1016
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5756
Network
MITRE ATT&CK Enterprise v15
Downloads