Analysis
- max time kernel: 145s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/05/2024, 19:07
Static task: static1
Behavioral task: behavioral1
  Sample: 7a3295bfd86c4d9f90594e4ecf0d470e_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 7a3295bfd86c4d9f90594e4ecf0d470e_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 7a3295bfd86c4d9f90594e4ecf0d470e_JaffaCakes118.html
- Size: 141KB
- MD5: 7a3295bfd86c4d9f90594e4ecf0d470e
- SHA1: 86c5f3fa1232d884454ff6e1803d1faf282d5d82
- SHA256: 0e94e58d9c4ac217c3a4ee60e0457e9a4186ef53dc358e62cc434273c2db91d3
- SHA512: 08bdff3856a35c9e11dda3bddd6647eba72b71f86dba0c0539d6259697f403d69c749a842dddcfd38b2fb720c8d16552bc0dcabb88596199dc36938f69ca2224
- SSDEEP: 3072:1wNYklctklctklc7uG/bI+3ikcxklcPEijZeqhZEijZeqLm7IjFXLEX2gokDVjbe:yNYklctklctklc7uG/bI+3ikcxklcPEo
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                    Process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
    pid   Process     hits
    5064  msedge.exe  2
    3572  msedge.exe  2
    3324  msedge.exe  4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
    pid   Process     hits
    3572  msedge.exe  3
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid   Process     hits
    3572  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid   Process     hits
    3572  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
    description                       pid   Process     procid_target
    PID 3572 wrote to memory of 1060  3572  msedge.exe  83   (2 entries)
    PID 3572 wrote to memory of 1848  3572  msedge.exe  84   (repeated; the bulk of the list)
    PID 3572 wrote to memory of 5064  3572  msedge.exe  85   (2 entries)
    PID 3572 wrote to memory of 3640  3572  msedge.exe  86   (repeated)

Note on reading these hits: every signature is attributed to msedge.exe, i.e. the sandbox's own browser opening the HTML sample, not to a binary dropped by it. The Processes section shows the ordinary Chromium multi-process tree (crashpad-handler, gpu-process, network and storage utility processes, renderers), and the WriteProcessMemory entries are the browser process (PID 3572) writing into the children it has just spawned, which is how a Chromium broker sets up its child processes. The BIOS SystemManufacturer/SystemProductName reads are the classic virtual-machine fingerprinting lookup and deserve a glance, but the report ascribes them to the Edge process itself; script running in a sandboxed renderer has no direct registry access, so they are not by themselves evidence of anything in the sample.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3572)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a3295bfd86c4d9f90594e4ecf0d470e_JaffaCakes118.html
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 1060, crashpad-handler)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa75c46f8,0x7fffa75c4708,0x7fffa75c4718
  - msedge.exe (PID 1848, gpu-process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1175158302697867744,8813318679157180773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  - msedge.exe (PID 5064, utility: network.mojom.NetworkService, --service-sandbox-type=none)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,1175158302697867744,8813318679157180773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3640, utility: storage.mojom.StorageService, --service-sandbox-type=utility)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,1175158302697867744,8813318679157180773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  - msedge.exe (PID 4776, renderer, client id 6)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1175158302697867744,8813318679157180773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  - msedge.exe (PID 3616, renderer, client id 5)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1175158302697867744,8813318679157180773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  - msedge.exe (PID 1228, renderer, client id 7)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1175158302697867744,8813318679157180773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  - msedge.exe (PID 3324, gpu-process, --disable-gpu-sandbox --use-gl=disabled)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1175158302697867744,8813318679157180773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1440)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2460)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
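Triage of a report like this normally starts by collapsing the repeated IoC lines into distinct parent-to-child edges and checking each edge against what the process list says the child is. The following Python is an added example, not part of the sandbox report or its tooling: it parses the flattened "wrote to memory of" text from the WriteProcessMemory signature above and the command lines from the Processes section into a per-target summary annotated with each child's Chromium --type, and flags edges that do not fit the expected "browser broker writes into its own new children" pattern. The IoC text and the PID-to-command-line map are abbreviated copies of the report's own data, constructed inline so the script runs offline; the function names are my own.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample: seven IoC entries copied from the report's
# "Suspicious use of WriteProcessMemory" signature (the full list has 64).
# One entry deliberately contains a newline, as in the extracted report.
WPM_IOCS = (
    "PID 3572 wrote to memory of 1060 3572 msedge.exe 83 "
    "PID 3572 wrote to memory of 1060 3572 msedge.exe 83 "
    "PID 3572 wrote to memory of 1848 3572 msedge.exe 84 "
    "PID 3572 wrote to memory of 1848 3572 \nmsedge.exe 84 "
    "PID 3572 wrote to memory of 5064 3572 msedge.exe 85 "
    "PID 3572 wrote to memory of 3640 3572 msedge.exe 86 "
    "PID 3572 wrote to memory of 3640 3572 msedge.exe 86"
)

# Constructed sample: PID -> command line, abbreviated from the Processes
# section (only the switches this script inspects are kept).
PROCESSES = {
    3572: '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
          "--single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "7a3295bfd86c4d9f90594e4ecf0d470e_JaffaCakes118.html",
    1060: "msedge.exe --type=crashpad-handler --monitor-self-annotation=ptype=crashpad-handler",
    1848: "msedge.exe --type=gpu-process --mojo-platform-channel-handle=2120",
    5064: "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService "
          "--service-sandbox-type=none",
    3640: "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService "
          "--service-sandbox-type=utility",
    3324: "msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled",
}

# One IoC as the report prints it:
#   "PID <src> wrote to memory of <dst> <pid> <image> <procid_target>"
# \s+ rather than a literal space so entries split across extracted lines still match.
WPM_RE = re.compile(
    r"PID\s+(?P<src>\d+)\s+wrote\s+to\s+memory\s+of\s+(?P<dst>\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<image>\S+)\s+(?P<target>\d+)"
)


def parse_wpm(text: str) -> Counter:
    """Collapse the repeated IoC entries into Counter[(src_pid, dst_pid, image)]."""
    counts: Counter = Counter()
    for m in WPM_RE.finditer(text):
        # The description's PID and the pid column must agree; anything else is a parse problem.
        if m["src"] != m["pid"]:
            raise ValueError(f"writer pid disagrees with pid column: {m.group(0)!r}")
        counts[(int(m["src"]), int(m["dst"]), m["image"])] += 1
    return counts


def process_role(cmdline: str) -> str:
    """Chromium child type from --type=, refined with --utility-sub-type=.
    The browser (broker) process carries no --type switch."""
    t = re.search(r"--type=(\S+)", cmdline)
    if t is None:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{t.group(1)}:{sub.group(1)}" if sub else t.group(1)


def sandbox_type(cmdline: str) -> Optional[str]:
    """Value of --service-sandbox-type= if present ('none' means the service runs unsandboxed)."""
    m = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    return m.group(1) if m else None


def summarize(iocs: str, processes: dict) -> list:
    """One row per distinct writer -> target edge, annotated from the process list."""
    rows = []
    for (src, dst, image), n in sorted(parse_wpm(iocs).items()):
        cmd = processes.get(dst)
        rows.append({
            "writer": src,
            "writer_image": image,
            "target": dst,
            "writes": n,
            "target_role": process_role(cmd) if cmd else "unknown",
            "target_sandbox": sandbox_type(cmd) if cmd else None,
        })
    return rows


def anomalies(rows: list) -> list:
    """Edges that do not fit 'Edge broker writes into its own new children':
    a writer other than msedge.exe, or a target absent from the process list."""
    return [r for r in rows
            if r["writer_image"].lower() != "msedge.exe" or r["target_role"] == "unknown"]


if __name__ == "__main__":
    rows = summarize(WPM_IOCS, PROCESSES)
    for r in rows:
        print(f'{r["writer"]} ({r["writer_image"]}) -> {r["target"]:>5} '
              f'x{r["writes"]:<2} {r["target_role"]} sandbox={r["target_sandbox"]}')
    print("anomalies:", anomalies(rows))
```

Run on the report's data every edge comes from PID 3572 into a known Edge child, so anomalies() is empty; the same code run over a report where the writer is some other image, or where the target PID never appears in the process list, returns those rows for manual follow-up. The --service-sandbox-type annotation is kept because it is the detail worth noticing on a Chromium tree: the network service here runs with sandbox type none.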
Network
MITRE ATT&CK Enterprise v15
Downloads
- (path not recorded)
    Filesize: 152B
    MD5: ce4c898f8fc7601e2fbc252fdadb5115
    SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
    SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
    SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
- (path not recorded)
    Filesize: 152B
    MD5: 4158365912175436289496136e7912c2
    SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
    SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
    SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5: 978acb488130b5d568f5752feafc7fd0
    SHA1: e44f630985e932da9c6934132784c66123fdaaf7
    SHA256: a22ef32e10b6a6012d3741cf3ddefc24ed309a66d841519282891b2930f5eda6
    SHA512: 185138aa9452f6ccd87bfd82bf74125ef93b09432616249204b7dafec7712bebdabd8a87aeb7da9b166dff1f1380d23dae7afbf29fa78a1e4abfbace7b054eab
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 144B
    MD5: af15f91ce7df127557a16c8fa7544bda
    SHA1: 1fba78ca7493267fdc06e0df25e0a1e52bc60748
    SHA256: 64c3fc0c6e44c8575a3c2bca6c7a12a327c57bde6eaf7aead76b1be17eabb695
    SHA512: c55feae68a7e8f4ba85610bf500bcde2257281e28e307286e0e09fece66892b2b7c27a8d4c0db4acc09df6fa7165091d20c58c40ea54233533ef0f05fb63c507
- (path not recorded)
    Filesize: 1KB
    MD5: 70b823170282a282541c8cfb795aab97
    SHA1: 4079f3582c9f89d82b1e915ff728e4e9f6dd4d56
    SHA256: 4fc92148ba7ca8b36f0eaf316eb27775defa01a51e607c572766fb780a7362a7
    SHA512: c860f2c100c54b439d4bca80cba2c31ec69c3ed4954a3a1a4ed9f655d8367bde02f64e83dad783c35487afaa97b5cd1859e11e92bdb5c63897fb736698c4c4cc
- (path not recorded)
    Filesize: 1KB
    MD5: 24d7fd2e6ba5927892ae3813976708c6
    SHA1: a4ca71ea9a82e599161a2c7858ebc45f887fd6b2
    SHA256: 17cc50e32bf78949bb100e6b65d8a6c8756c002417fb33eff378a786884d40e4
    SHA512: cc6be9510a31f691bde4527e5be4e93f6d88e638b8f0fb8239abbf76cd08e83e44dfbf6f57a8f66074f8af5527997c4054ef16b529aa3ad30cd9c70e90bcea62
- (path not recorded)
    Filesize: 6KB
    MD5: 20ee78b5ac0547ab568539f0cdeb6305
    SHA1: 4bfc1007a1fe14d1f0bd7d256286c2590f0b75ba
    SHA256: 745e0bd001fd1d1b52b85d837fc88f1470f2f1e00702c7ac73baf390ec7a8171
    SHA512: bba3a9448f9623e4f96e8e946f8e19182a607df0a2b82c904dffe2219c87a12dd7ada4bc9950a17e1f255d2b32f5b253c339a78e76a1ff3427567c3b302a6d4e
- (path not recorded)
    Filesize: 5KB
    MD5: e16c10d842ff06883311db05f636f97c
    SHA1: 041403f74092384d5ab631a191e4bccaa9b37af4
    SHA256: f57181614c5e6e276ae40a8058cb26fd6f5b2caaebc4557ba656e93a60a793da
    SHA512: bb3b08aa34d9a5348f468e39ea1582a0483ecde311793476426f1e72f0a711e56e93d58c276be9216632da6da421e9ba3a45a6d70cb7d9ffef73f380af07bca0
- (path not recorded)
    Filesize: 11KB
    MD5: c4873222bd3c45b511ae39e52c72ed73
    SHA1: 28be187b92c2ecb0bea47a5c9a2de4c6afcddb09
    SHA256: 0ba62228f752ca60fd73620fefd7f89e35a934a884b85cfad1e37ec88abf6beb
    SHA512: 7115ae57b71075aa08856166200de46ab9e43538c82212f26e87b943e1f8a2f8ab6f94f92998dbf19a5594699331f7a352035fba9c6156bded72c954ea5b96b6