Analysis

max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 27/05/2024, 19:07
Static task: static1

Behavioral task: behavioral1
  Sample: 7a32af4c3c0c97820aebd4ecb39a97d5_JaffaCakes118.html
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample: 7a32af4c3c0c97820aebd4ecb39a97d5_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 7a32af4c3c0c97820aebd4ecb39a97d5_JaffaCakes118.html
Size: 174KB
MD5: 7a32af4c3c0c97820aebd4ecb39a97d5
SHA1: 052b9f33c88526020e8394e03a4617e2bd4192ae
SHA256: 45aafda1c5f29bdd78b2ca16cf3a910d337fe84c8074dc123ec5498bc4dd9b6c
SHA512: a30ec244b117002c95527660334f6efee5122be1fac64d655e176a145af03d5a68bbafded831e268e72449d416778502fd057cc6a2ae45f41fc809acfb033a72
SSDEEP: 1536:hvvMpVsokX+SXLZLZiRVHstsbfbkNGaBeDkeoCDzY16peIsVAT2BYS7LVtVkiciw:NT9BZiRVHksb8Sz66mV9232wS4YtC
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid   Process
  916   msedge.exe
  916   msedge.exe
  1040  msedge.exe
  1040  msedge.exe
  3916  identity_helper.exe
  3916  identity_helper.exe
  4436  msedge.exe
  4436  msedge.exe
  4436  msedge.exe
  4436  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  pid   Process
  1040  msedge.exe
  1040  msedge.exe
  1040  msedge.exe
  1040  msedge.exe
  1040  msedge.exe
  1040  msedge.exe
  1040  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a32af4c3c0c97820aebd4ecb39a97d5_JaffaCakes118.html
  PID: 1040
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd17b046f8,0x7ffd17b04708,0x7ffd17b04718
    PID: 400

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    PID: 2280

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    PID: 916
    Signatures: Suspicious behavior: EnumeratesProcesses

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
    PID: 2156

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
    PID: 4904

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    PID: 452

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
    PID: 3892

  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
    PID: 4428

  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
    PID: 3916
    Signatures: Suspicious behavior: EnumeratesProcesses

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    PID: 1608

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    PID: 464

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
    PID: 3352

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
    PID: 2840

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
    PID: 4436
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4228

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1332
Network
MITRE ATT&CK Enterprise v15
Downloads