Analysis

max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/05/2024, 18:27

Static task: static1
Behavioral task: behavioral1
  Sample: 7a1539ffb0872fd9d760f2973db41868_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7a1539ffb0872fd9d760f2973db41868_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 7a1539ffb0872fd9d760f2973db41868_JaffaCakes118.html
Size: 13KB
MD5: 7a1539ffb0872fd9d760f2973db41868
SHA1: ffe7b67ec0653774be55da5fe0230657831a5979
SHA256: acc36c050d30b54c8556548ad007c327e02b4cc3030e98e05761bc49839d2a3f
SHA512: d3cba484173ccc2c60bef342883947d8708bb394b18ad600fc94b4df87259b75caa536c65077da1d80aa120571dd0000b643c4eb286d6317084626729b38a683
SSDEEP: 192:JUWvHpwQbM2f6jIBnDbxQ6ACtPNsF/GZJfrIVXecepdIfsdvdarv:RH6QbM2f6jIBnv5G/4jIqpefsJErv
Malware Config
Signatures

Every entry below is attributed to msedge.exe processes; none is attributed to the HTML sample itself. The memory writes, the BIOS manufacturer/product lookups, the FindShellTrayWindow/SendNotifyMessage calls and the non-Microsoft-binary block applied at process creation are the Chromium-based browser process (PID 876) launching and sandboxing its own child processes (see Processes), so read them as Edge baseline rather than as sample behaviour. The one signature the process tree does not account for is the network-flow count, and the Network section of this report carries no data to check it against.

Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.

Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                   | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid  | Process    | entries
3932 | msedge.exe | 2
876  | msedge.exe | 2
1088 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process    | entries
876 | msedge.exe | 2

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process    | entries
876 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process    | entries
876 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs; the report prints one row per write, collapsed here to one row per target)
description                     | pid | Process    | procid_target
PID 876 wrote to memory of 3964 | 876 | msedge.exe | 82
PID 876 wrote to memory of 4956 | 876 | msedge.exe | 83
PID 876 wrote to memory of 3932 | 876 | msedge.exe | 84
PID 876 wrote to memory of 1216 | 876 | msedge.exe | 85
The later children 2988, 1988 and 1088 do not appear among the 64 listed entries, so the list should not be read as a complete record of the browser's writes.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 876)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a1539ffb0872fd9d760f2973db41868_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3964, child of 876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4956, child of 876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,17103462590782430501,7076342431961708646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3932, child of 876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,17103462590782430501,7076342431961708646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1216, child of 876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,17103462590782430501,7076342431961708646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2988, child of 876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17103462590782430501,7076342431961708646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1988, child of 876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17103462590782430501,7076342431961708646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1088, child of 876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,17103462590782430501,7076342431961708646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4600 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4008)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4692)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
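The WriteProcessMemory signature above and the process tree only make sense together: the writes are benign if every target is a child the writer launched itself with the same image, and worth chasing if any target is something else. The script below is an added triage example, not code from the sandbox or from this report. PROCESSES and IOC_ROWS are transcribed from the Processes and Signatures sections of this report (IOC_ROWS is a subset of the 64 printed rows, in the report's own flattened text form); CONSTRUCTED_ROW is an invented row, not present in the report, included only to exercise the cross-process branch.

```python
"""Triage of sandbox 'PID X wrote to memory of Y' IoCs against the process tree.

Added example, not part of the sandbox report. It rebuilds the tree from the
Processes section, parses IoC rows in the exact text form the Signatures
section prints them, and classifies each write: a parent writing into a child
it launched, with the same image, is how a Chromium-based browser bootstraps
its sandboxed children; a write into anything else is an injection candidate.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str          # executable basename
    parent: int | None  # None for the tree's top-level processes
    role: str           # command-line excerpt, kept for the printed summary only


# Transcribed from the Processes section (parent taken from the tree nesting).
PROCESSES = [
    Proc(876, "msedge.exe", None, "--single-argument ...JaffaCakes118.html"),
    Proc(3964, "msedge.exe", 876, "--type=crashpad-handler"),
    Proc(4956, "msedge.exe", 876, "--type=gpu-process"),
    Proc(3932, "msedge.exe", 876, "--type=utility network.mojom.NetworkService"),
    Proc(1216, "msedge.exe", 876, "--type=utility storage.mojom.StorageService"),
    Proc(2988, "msedge.exe", 876, "--type=renderer --renderer-client-id=6"),
    Proc(1988, "msedge.exe", 876, "--type=renderer --renderer-client-id=5"),
    Proc(1088, "msedge.exe", 876, "--type=gpu-process --disable-gpu-sandbox"),
    Proc(4008, "CompPkgSrv.exe", None, "-Embedding"),
    Proc(4692, "CompPkgSrv.exe", None, "-Embedding"),
]

# IoC rows in the report's flattened format, one row per write (a subset of the 64).
IOC_ROWS = """\
PID 876 wrote to memory of 3964 876 msedge.exe 82
PID 876 wrote to memory of 3964 876 msedge.exe 82
PID 876 wrote to memory of 4956 876 msedge.exe 83
PID 876 wrote to memory of 4956 876 msedge.exe 83
PID 876 wrote to memory of 3932 876 msedge.exe 84
PID 876 wrote to memory of 1216 876 msedge.exe 85
"""
# Constructed, NOT in the report: what a write into an unrelated process looks like.
CONSTRUCTED_ROW = "PID 876 wrote to memory of 4008 876 msedge.exe 99\n"

# description: "PID <writer> wrote to memory of <target>", then pid, Process, procid_target
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_writes(text: str) -> list[tuple[int, int, str]]:
    """Return (writer_pid, target_pid, writer_image) per row; skip malformed rows."""
    writes = []
    for line in text.splitlines():
        m = WRITE_RE.fullmatch(line.strip())
        if m and m[1] == m[3]:  # the 'pid' column must name the writer itself
            writes.append((int(m[1]), int(m[2]), m[4]))
    return writes


def classify(writer: int, target: int, procs: list[Proc]) -> str:
    by_pid = {p.pid: p for p in procs}
    w, t = by_pid.get(writer), by_pid.get(target)
    if w is None or t is None:
        return "unknown"        # cannot vouch for a process the tree does not show
    if t.parent == writer and t.image == w.image:
        return "own-child"      # browser bootstrapping its own child: baseline
    return "cross-process"      # write into something it did not spawn: look closer


def summarize(procs: list[Proc], ioc_text: str) -> dict[str, Counter]:
    """Map verdict -> Counter of (writer, target) -> number of rows."""
    out: dict[str, Counter] = {}
    for writer, target, _image in parse_writes(ioc_text):
        out.setdefault(classify(writer, target, procs), Counter())[(writer, target)] += 1
    return out


def children_without_writes(procs: list[Proc], ioc_text: str, parent: int) -> list[int]:
    """Children of `parent` that never appear as a write target. For this report
    that is 2988, 1988 and 1088: the IoC list is not a complete record of the writes."""
    targets = {t for _w, t, _i in parse_writes(ioc_text)}
    return [p.pid for p in procs if p.parent == parent and p.pid not in targets]


if __name__ == "__main__":
    for verdict, pairs in summarize(PROCESSES, IOC_ROWS + CONSTRUCTED_ROW).items():
        for (w, t), n in sorted(pairs.items()):
            print(f"{verdict:13} {w} -> {t}  rows={n}")
    print("children never written to:", children_without_writes(PROCESSES, IOC_ROWS, 876))
```

On this report every real row lands in "own-child"; only the constructed row reaches "cross-process". The image check matters as much as the parent check: a browser that writes into a child it spawned but whose image is not its own (an injected helper, a spawned cmd.exe) would also fall out of the baseline bucket.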
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: ce4c898f8fc7601e2fbc252fdadb5115
SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Filesize: 152B
MD5: 4158365912175436289496136e7912c2
SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Filesize: 191B
MD5: 6bb0e1d8bab7ce211a058d8817f73035
SHA1: 125a3b2a1187f2f70351cfc97c8b88d4094ef05e
SHA256: ff92bc2ea67f586d5de3bf6d0d22651fbc091b1e6fe822a8f003df5e1d27e888
SHA512: b592ad470dfe2cad76587bfef3afab3dcfa836d00a33cf7a134fec0f3de77c86e27f225e1d2a40be27a1c3ef662e83fa510052c1dde824d2d510ec25a8c18533

Filesize: 6KB
MD5: 6e5248e2859e5dc0c2dd44fbfdb51d91
SHA1: 4af32d2f29b79e50f6717b31b595a4c35ff367eb
SHA256: fe5a2012bf7a65a552c8145cc054dab19238492b9f4fca652d32b3686070c3a7
SHA512: 7971de72d68d72cd0c01c5d98ab6269cf5941632a49468c61ec8737d57623a6a0a126d8b19961e95bc1530e7ed80dfd0e8c54825941285a60166ab8ed17579b4

Filesize: 5KB
MD5: 7a7d26f8cf4ddb5feb16d4acf5d94595
SHA1: 98771c5856d29e6af74f29ca6994ba68dc8ad11e
SHA256: 75517e64fd2f594728e4de6205d894db39d3495562e71fadaddd8e820d83eec3
SHA512: e54593565c20d4030f874ba3a402c476fd1037edc0d3295c7ade73cff407e33c728fd64493ea7ed9e78f045afd042637340d64801cbc4e7f5ec83a6ced789cb2

Filesize: 11KB
MD5: cd5cf8502c56969d220754fdb25536e8
SHA1: b2f3bc671a19feeb953d94a1e0800287d400bfb4
SHA256: d14ec2374497aed0b88e7c9260a82efe43cc00f9e6a4065aca0b38c4edd4aac7
SHA512: 9e429e032b01d9171159c31b364255a1d5230dc9bd2c0c330e699de0e70adca639d67f6806efd6a4c95209a55de108707e2e683d89c8a607868599f6ef0e3f25