Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 06:42
Static task: static1
Behavioral task: behavioral1
  Sample: 7fd1fdbc7b065cb29436494e1cf0ee38_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 7fd1fdbc7b065cb29436494e1cf0ee38_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 7fd1fdbc7b065cb29436494e1cf0ee38_JaffaCakes118.html
Size: 72KB
MD5: 7fd1fdbc7b065cb29436494e1cf0ee38
SHA1: 389314163369dee2b2699dcdacb8227ce45d1f86
SHA256: 68723ad2fd710133071e190f748cb9838f08a11c329d1122a9bc71f8aa202997
SHA512: 96bd6f2fc5e68ce0afbbf751a55240eecef66091883dd497a1d282799e1fb5f5409da3b23546952e60724d1520ad7b7f5e417083657b500c1e91a8d19ec81ebf
SSDEEP: 1536:lxVtziyd7Ef+FvPNo5LTPWC6NAYSY4d6PvviQWILdd6UjDz9CgRT+l:/juOEfIvPNodOAYEd2vviQNdd6cz9Cg4
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4536  msedge.exe (2 entries)
  2272  msedge.exe (2 entries)
  5340  identity_helper.exe (2 entries)
  5648  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  2272  msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2272  msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2272  msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 2272 wrote to memory of 768   2272  msedge.exe  82
  PID 2272 wrote to memory of 1080  2272  msedge.exe  84
  PID 2272 wrote to memory of 4536  2272  msedge.exe  85
  PID 2272 wrote to memory of 2412  2272  msedge.exe  86
  (each of these four writes is logged repeatedly in the report; 64 entries in total, all from PID 2272)
Processes

msedge.exe (PID 2272)
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7fd1fdbc7b065cb29436494e1cf0ee38_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe (PID 768), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1cb146f8,0x7ffe1cb14708,0x7ffe1cb14718

  msedge.exe (PID 1080), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

  msedge.exe (PID 4536), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2412), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

  msedge.exe (PID 1620), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  msedge.exe (PID 1348), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

  identity_helper.exe (PID 5136), child of 2272
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8244 /prefetch:8

  identity_helper.exe (PID 5340), child of 2272
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8244 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 5444), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1

  msedge.exe (PID 5452), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

  msedge.exe (PID 5780), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1

  msedge.exe (PID 5788), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:1

  msedge.exe (PID 5648), child of 2272
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8178709290038939810,14589289990495697286,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 2748)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 3108)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Filesize: 20KB
  MD5: 87e8230a9ca3f0c5ccfa56f70276e2f2
  SHA1: eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
  SHA256: e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
  SHA512: 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Filesize: 1KB
  MD5: bfdff2c8e9cb7ed6669b281f04af02c3
  SHA1: 1ff82474a2e471a4a9c45931aa0e5241a71369f9
  SHA256: 40a3bdd2d1a98978e65235b46ef7516ad15f3df94f55cdc6a4c1dd7c3b035671
  SHA512: cc36c41110cb2caa3ecb559efcd1d131ad59b3e14a78686fff8fcf9e6a5ccfc102ac025d51740e06e676ab2cd5cf6a8580ad9b039b3abd2ecf485bfa97541701

Filesize: 6KB
  MD5: 4be57b20169fc82fecf5be283c1ed742
  SHA1: e029cb5ad0c4c4ceb13084465a0579bb9e8bb853
  SHA256: de98ac58fed0086972b6ffd4eff5acc7676841961d6af6be5e9f59df2f69b847
  SHA512: 23ee48d00fc15fbc8ca17fb39207597d1e1306d79ae8883fffb3ee6d277e1bbaaf174662151005e9e7e8b17ac5bcec2658d8e189463d744ddd76d7043ef68615

Filesize: 5KB
  MD5: 42fea7bcdf914e93b06f71f88e1c638f
  SHA1: 57d1852d36545376d2f11ba021f98b782e5714ca
  SHA256: 93ef5edf6629b97d4fec42c7eef166b5f893b190d2a5bd396eb231f91850141a
  SHA512: f30fdbf11fd91ee3eb716deefa64e3eba003716c8f1eaecfa518fb6408099a408b1856db252cf4db794a0507df10537172518419ffb864e82bdccedd21c00fe7

Filesize: 6KB
  MD5: 913a23f521c501a6007a69415a897738
  SHA1: 3bcacea722f7a50683788854d3bea882039d4e7e
  SHA256: 6804565f7287cf3a63adbe96cb3e2c6096165cae6d32b1f674c0e2e7c994fd91
  SHA512: db15458ba4882e483d470515d898e053be57a6461cf56eeed1f13d26798f8762cd445f07e53061e2b83362764674763d8e5409d908ae3a03d616b6d17359b4ce

Filesize: 706B
  MD5: f234f156576eddc3dcbbd7f4c5a720ad
  SHA1: a03705d909e0f8817af0bb52b668482fe552e844
  SHA256: 7011de33a260cda0354f59c798a36b20a18ccee879ec433b46aef4e230157e79
  SHA512: ae809dc68ca56c7d30901fb314cf809aca77ae9293eee628c9a1a9d53ea7f9df0be638d6dbe8abaeeefed3e5e85a509d2597d3a02e52c5920dd4fac1482ae982

Filesize: 203B
  MD5: e37079e3b6dc7e548200d314632681a3
  SHA1: 50b1a61a944f61cecfa05a693f0ffe40e0207c36
  SHA256: 0ef499bca6a8d94df0dc24e4cba509d0a51e7b1518fcf12643e5b10225a18836
  SHA512: 8284cfb9ceab35d9b166138890bc188b9424d4871a5e2a1930c12f4463f533e29563466bc1453a58c8856e60bf9124e74a784ec9956527775ed94ff9decccf98

Filesize: 201B
  MD5: 95af500fb654af409fee37c4b95a7fba
  SHA1: d4c22188f924d35977de0df72b15f8f4d2fbd161
  SHA256: 111acb037094a6c742d1186f0eb911ed7cd13d5fc2b97bd1e99e872fd092a9e4
  SHA512: c86db9da76478b14ebdaed5cf8771b9c0e13a3bff828746b3ae8ef320bda0a09cbb05b8612620003227f7e05336c070f1d6e8c344237d74791c01ea963ea7534

Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
  MD5: f011c54275c105b4c16237ac10c55a2a
  SHA1: bb64b9de3202fafb7b8f4949ae388d9bfe8e61a3
  SHA256: 1d733996ea4f36f6de0a904a2a76c617753359fb7d6c671ac9b6288689469b35
  SHA512: a853c16d5e9aacc0075e962f3c91bd96dd5d78c1409622b3b6897eb7ef3f28ccab4aeb7b60b03c89559f4e0d68d77e7df2c8d8498b141b6a0762f9eabc8214f7