Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/05/2024, 20:24

Static task: static1
Behavioral task: behavioral1
  Sample: 7e48d23753c5b89a9a4f81aa78fb8754_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 7e48d23753c5b89a9a4f81aa78fb8754_JaffaCakes118.html
  Resource: win10v2004-20240508-en

General
Target: 7e48d23753c5b89a9a4f81aa78fb8754_JaffaCakes118.html
Size: 8KB
MD5: 7e48d23753c5b89a9a4f81aa78fb8754
SHA1: 7e7c05f19c364d141baf21e02f614b8146fee7c3
SHA256: 027c6183400ddbb1abed5668b2bb951288e2eeac7bdc9f67ad4163b70ca02a97
SHA512: 0c86a6ccbee9ed42c930baf7d6592c208378659106f73175683e3cef0f603ddca20385edb9c91b8f1f6db07fbc208f70df2ae522015d783fbd95ae55de41b50c
SSDEEP: 192:Z5cNlENdBHxQKrTZbzoNRN3NLDNj8lh4ZEyIbBRq2Eba8ChqcpllL5NRbiELcezi:Z5cNaPVzoNRN3NLDNj8C2S0dllFNFcem
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4112 | msedge.exe
4112 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
3440 | identity_helper.exe
3440 | identity_helper.exe
1448 | msedge.exe
1448 | msedge.exe
1448 | msedge.exe
1448 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
pid | Process
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe
2012 | msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2012 wrote to memory of 5004 | 2012 | msedge.exe | 83
PID 2012 wrote to memory of 5004 | 2012 | msedge.exe | 83
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4008 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 4112 | 2012 | msedge.exe | 85
PID 2012 wrote to memory of 4112 | 2012 | msedge.exe | 85
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
PID 2012 wrote to memory of 2984 | 2012 | msedge.exe | 86
Processes

[1] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e48d23753c5b89a9a4f81aa78fb8754_JaffaCakes118.html
    PID: 2012
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718
      PID: 5004

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      PID: 4008

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      PID: 4112
      - Suspicious behavior: EnumeratesProcesses

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
      PID: 2984

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      PID: 60

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      PID: 1080

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
      PID: 4148

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
      PID: 4708

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
      PID: 1588

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8
      PID: 2060

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8
      PID: 3440
      - Suspicious behavior: EnumeratesProcesses

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
      PID: 4176

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
      PID: 2964

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
      PID: 1676

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
      PID: 1316

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
      PID: 1428

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
      PID: 3460

  [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
      PID: 1448
      - Suspicious behavior: EnumeratesProcesses

[1] C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 1044

[1] C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 316
Network
MITRE ATT&CK Enterprise v15
Downloads