Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/05/2024, 12:11
Static task: static1
Behavioral task: behavioral1
- Sample: 791c08318e470c9a2591da580c33ec8a_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 791c08318e470c9a2591da580c33ec8a_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 791c08318e470c9a2591da580c33ec8a_JaffaCakes118.html
- Size: 30KB
- MD5: 791c08318e470c9a2591da580c33ec8a
- SHA1: 626aa5464bc14211809e5e6d149ef3c75c265e78
- SHA256: db97d8380553fc66e423252b3de2c41ed0001217f0e522870410cf3bedf0a029
- SHA512: 80d89ee295aac5b9f0d3c3522cb88ba1a4e25d968adc03fbd040a0c1fc94cd7c56e268fca6eeb40f14f2c3f39b61a23b4e1017d909752fabca22871595ab3aeb
- SSDEEP: 192:uwn7b5nT2nQjxn5Q/rnQieqNnBenQOkEntB5nQTbn5nQmSvx0U1DTQJTWUZxyzJW:RQ/HxAx0U1KEbOCA
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | events
  2992 | msedge.exe | 2
  2020 | msedge.exe | 2
  3300 | identity_helper.exe | 2
  4016 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process | events
  2020 | msedge.exe | 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | events
  2020 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | events
  2020 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2020 wrote to memory of 1204 | 2020 | msedge.exe | 82 (2 events)
  PID 2020 wrote to memory of 1532 | 2020 | msedge.exe | 83
  PID 2020 wrote to memory of 2992 | 2020 | msedge.exe | 84 (2 events)
  PID 2020 wrote to memory of 3204 | 2020 | msedge.exe | 85
  The remaining 60 events are repeats of the 1532 and 3204 rows; every write in this signature originates from PID 2020 and targets one of its own child processes.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2020)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\791c08318e470c9a2591da580c33ec8a_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1204, --type=crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba87a46f8,0x7ffba87a4708,0x7ffba87a4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1532, --type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2992, --type=utility, network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3204, --type=utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3044, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3532, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3740, --type=utility, winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1644 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3300, --type=utility, winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1644 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4488, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1788, --type=renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3320, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2460, --type=renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4016, --type=gpu-process, --disable-gpu-sandbox)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12423717398324643788,16517665413209052642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5412 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2340)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2508)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
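Every WriteProcessMemory IoC in this report has the Edge browser process (PID 2020) as the writer and one of its own freshly started msedge.exe children (crashpad handler 1204, GPU process 1532, network service 2992, storage service 3204) as the target, which is the shape of normal Chromium child-process startup rather than a write into a foreign process. The Python below is an added triage example, not part of the sandbox report or of any vendor tooling: it transcribes the process tree and the four distinct IoC rows from this page as constructed data, parses rows in the report's own "PID <src> wrote to memory of <dst> <src> <image> <procid_target>" layout, and labels each event by its relationship to the tree. The final row, a write from 2020 into CompPkgSrv.exe (PID 2340), is constructed and does not appear in the report; it is there only to show what the flagging path returns.

```python
"""Triage of sandbox 'WriteProcessMemory' IoCs against the reported process tree.

Added example (not from the sandbox report or any vendor tool). The process
tree and the IoC rows are transcribed from the report; the CONSTRUCTED_ANOMALY
row is invented to exercise the flagging path.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str             # executable name as shown in the report
    parent: Optional[int]  # parent pid, None for tree roots


# Process tree from the report's "Processes" section (command lines omitted).
PROCESS_TREE: Dict[int, Proc] = {p.pid: p for p in [
    Proc(2020, "msedge.exe", None),            # browser (broker) process
    Proc(1204, "msedge.exe", 2020),            # --type=crashpad-handler
    Proc(1532, "msedge.exe", 2020),            # --type=gpu-process
    Proc(2992, "msedge.exe", 2020),            # network.mojom.NetworkService
    Proc(3204, "msedge.exe", 2020),            # storage.mojom.StorageService
    Proc(3044, "msedge.exe", 2020),            # renderers
    Proc(3532, "msedge.exe", 2020),
    Proc(4488, "msedge.exe", 2020),
    Proc(1788, "msedge.exe", 2020),
    Proc(3320, "msedge.exe", 2020),
    Proc(2460, "msedge.exe", 2020),
    Proc(4016, "msedge.exe", 2020),            # second --type=gpu-process
    Proc(3740, "identity_helper.exe", 2020),   # WinrtAppIdService
    Proc(3300, "identity_helper.exe", 2020),
    Proc(2340, "CompPkgSrv.exe", None),        # separate COM server roots
    Proc(2508, "CompPkgSrv.exe", None),
]}

# Row layout used by the report's WriteProcessMemory signature:
# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# The four distinct rows from the report (repeats collapsed).
REPORT_ROWS = """
PID 2020 wrote to memory of 1204 2020 msedge.exe 82
PID 2020 wrote to memory of 1532 2020 msedge.exe 83
PID 2020 wrote to memory of 2992 2020 msedge.exe 84
PID 2020 wrote to memory of 3204 2020 msedge.exe 85
"""
# Constructed row, NOT in the report: a browser process writing into an
# unrelated COM server is the shape a process-injection finding would take.
CONSTRUCTED_ANOMALY = "PID 2020 wrote to memory of 2340 2020 msedge.exe 99\n"


def parse_rows(text: str) -> List[Tuple[int, int, str]]:
    """Return (source_pid, target_pid, source_image) for each IoC row."""
    return [(int(s), int(d), img) for s, d, _, img, _ in ROW_RE.findall(text)]


def classify(src: int, dst: int, tree: Dict[int, Proc]) -> str:
    """Label one WriteProcessMemory event by its place in the process tree.

    expected-child-bootstrap: writer -> its own child of the same image, the
      pattern a Chromium-based browser produces while starting sandboxed
      children (treated here as the baseline, an assumption of this triage).
    child-different-image: writer -> its own child, but another executable.
    cross-process-write: target exists but is not a child of the writer.
    unknown-target: target pid is not in the tree at all.
    """
    s, d = tree.get(src), tree.get(dst)
    if s is None or d is None:
        return "unknown-target"
    if d.parent == src:
        return "expected-child-bootstrap" if d.image == s.image else "child-different-image"
    return "cross-process-write"


def triage(text: str, tree: Dict[int, Proc]) -> Dict[str, List[Tuple[int, int]]]:
    """Group (src, dst) pairs by label so the odd ones stand out."""
    out: Dict[str, List[Tuple[int, int]]] = {}
    for src, dst, _img in parse_rows(text):
        out.setdefault(classify(src, dst, tree), []).append((src, dst))
    return out


if __name__ == "__main__":
    for label, pairs in triage(REPORT_ROWS + CONSTRUCTED_ANOMALY, PROCESS_TREE).items():
        print(f"{label:26s} {pairs}")
```

Run stand-alone, the four report rows all land under expected-child-bootstrap and only the constructed CompPkgSrv.exe row is reported as a cross-process write. The same tree lookup explains the other signatures on this page: every FindShellTrayWindow, SendNotifyMessage and NtCreateUserProcessBlockNonMicrosoftBinary hit is attributed to the one browser process that is spawning the children listed above.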
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- Filesize: 5KB
  MD5: 6a64e17b982d9485d802af110f03d5e1
  SHA1: 08d53bb1ca21ff6832e18578e10fb15ff99ac05d
  SHA256: c80ae9ad62704dd9827cea4083db120f0448c29179d944904226c3ed09275af1
  SHA512: 8d2924e7f0b8c7b94c28ed3ae3e723952990cf72eddeba4c0a953ff495e9b1c9d2081d1c1fffdf211024c9923095ff671a571a88fd7f3f897c2eeede6dee66ce
- Filesize: 6KB
  MD5: be7ef6025d91273bad3cc4f5b8e0aff9
  SHA1: 0777443a139781ca45c881f34460e600f7cc01e9
  SHA256: c551d3f960cc015a5acd2aa2018ad61ec79c9ac7baa9906fe0bd0d13857577bf
  SHA512: f9a7e488a789e996507c3d512a98ca23a7e5828e3c66dba1bc59b45dd17651708154defdaec8d5ab746cd50a109f973d37fb95c39a1b850dae9ec4787108e99e
- Filesize: 6KB
  MD5: b9abd7d73c86e58a247681774f2e8e9c
  SHA1: 9a898ff352e949f8ea75d8a5157971576a8d1f0c
  SHA256: e6f010fbf797b726c66ad1a8ffed40950023df206e9f3af16bc5818f09dda593
  SHA512: 9b332f9f5a2734d027e251051cdee6563102e21186510d122f887bb6a45239f8c832d594070537a41d3f6bef40887b2c0158af53ce6c64e4a32dc026260e411e
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 5be23704955753555628d5e9a46c9f4b
  SHA1: 68b083ef69c0427b6d77ffa465743386666da9a3
  SHA256: f25f38a1567f5764194e85623916c10c25be4a35c22c28e1ba3ccfaa5311ca38
  SHA512: e5e299189b7548965e9cef25780339856a9a08ca625173abc23c9657450397c8d4499b002070a9219fdb8a26d093703e6f20a3deb8791d0eaee16538ac6b2924