Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 07:45

Static task: static1
Behavioral task: behavioral1
    Sample: 7ffca57d2f5d80e4e1449a2ed7c44f81_JaffaCakes118.html
    Resource: win7-20240221-en
Behavioral task: behavioral2
    Sample: 7ffca57d2f5d80e4e1449a2ed7c44f81_JaffaCakes118.html
    Resource: win10v2004-20240426-en
General
Target: 7ffca57d2f5d80e4e1449a2ed7c44f81_JaffaCakes118.html
Size: 108KB
MD5: 7ffca57d2f5d80e4e1449a2ed7c44f81
SHA1: e94c0c58934662b32b1d51e91508cb668390afdd
SHA256: 1c49a4c5b5f8844edf3696305bfd3f0b8fee0b8b388907ad9a40623ca2262954
SHA512: ae3ce72866be58ea1b1a87b8e0c479757fa116e10303897ab99ec891825478f9f7e27c381a8bc3d07c10acd54815f1d7714c6321e26c25f09880c8c6182dc137
SSDEEP: 1536:CD5SxZ8BMvJG3T/qk0Z9jCyEwQ4QaLTzDGNgxY3g5+WW:C5MvJ4bqk0jQdaLTzDGNqY3g5+WW
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
    Key opened:        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS   (msedge.exe)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   (msedge.exe)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   (msedge.exe)
    Note: all three reads are performed by msedge.exe itself. Web content in an HTML file has no direct registry access, so this signature reflects the browser process reading BIOS vendor/product strings, not code in the sample; the same two values are what VM-fingerprinting checks typically read, so they are worth a second look only when the reader is not the browser.

Suspicious behavior: EnumeratesProcesses (8 IoCs)
    pid 4024 msedge.exe (x2), pid 2216 msedge.exe (x2), pid 2296 msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
    pid 2216 msedge.exe (x2)

Suspicious use of FindShellTrayWindow (25 IoCs)
    pid 2216 msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
    pid 2216 msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
    pid   Process     procid_target  description
    2216  msedge.exe  82             PID 2216 wrote to memory of 3616   (x2)
    2216  msedge.exe  83             PID 2216 wrote to memory of 1780   (x40)
    2216  msedge.exe  84             PID 2216 wrote to memory of 4024   (x2)
    2216  msedge.exe  85             PID 2216 wrote to memory of 1388   (x20)
    Note: every target (3616, 1780, 4024, 1388) is a child process that PID 2216 spawned itself (see the process tree below). A Chromium-based browser broker writing into processes it has just created is its normal multi-process startup; the signature would only be notable if a write targeted a process outside this browser's own tree.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID 2216
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffca57d2f5d80e4e1449a2ed7c44f81_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID 3616   (crashpad-handler)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a6b46f8,0x7ffb6a6b4708,0x7ffb6a6b4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID 1780   (gpu-process)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4819917410591204695,10439578017953068196,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID 4024   (utility: network.mojom.NetworkService)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4819917410591204695,10439578017953068196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID 1388   (utility: storage.mojom.StorageService)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4819917410591204695,10439578017953068196,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID 4152   (renderer)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4819917410591204695,10439578017953068196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID 1356   (renderer)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4819917410591204695,10439578017953068196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID 2296   (gpu-process, second instance, GPU sandbox disabled)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4819917410591204695,10439578017953068196,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3112 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe   PID 2076
    C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe   PID 1548
    C:\Windows\System32\CompPkgSrv.exe -Embedding
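The WriteProcessMemory signature above is a frequent false positive for Chromium-based browsers, and the way to settle it is to compare each write's target against the process tree. The following Python is an added example, not part of this report or of any sandbox's tooling: it parses rows in the report's own "PID X wrote to memory of Y X image N" wording, rebuilds the parent/child map from the tree listed above, and flags any write whose target is not a direct child of the writer. The tree, PIDs and per-target counts are taken from this report; the final row (a write into CompPkgSrv.exe PID 2076) is constructed only to show the check firing and does not appear in the report.

```python
"""Triage helper for sandbox "wrote to memory of" IoCs.

Added example, not part of the sandbox report. Rows in the report's format
are parsed, the target of each write is checked against the process tree,
and writes into anything other than the writer's own direct children are
reported as anomalies. A browser broker writing into processes it has just
spawned is expected; a write into an unrelated process is not.
"""
import re
from collections import Counter

# Process tree as listed in the report: pid -> (parent pid, image).
# Parent None means a top-level process.
PROCESS_TREE = {
    2216: (None, "msedge.exe"),   # broker / browser process
    3616: (2216, "msedge.exe"),   # crashpad-handler
    1780: (2216, "msedge.exe"),   # gpu-process
    4024: (2216, "msedge.exe"),   # utility: NetworkService
    1388: (2216, "msedge.exe"),   # utility: StorageService
    4152: (2216, "msedge.exe"),   # renderer
    1356: (2216, "msedge.exe"),   # renderer
    2296: (2216, "msedge.exe"),   # gpu-process (second instance)
    2076: (None, "CompPkgSrv.exe"),
    1548: (None, "CompPkgSrv.exe"),
}

# The report's 64 WriteProcessMemory rows, condensed by target with the
# per-target counts the report lists.
IOC_ROWS = "\n".join(
    ["PID 2216 wrote to memory of 3616 2216 msedge.exe 82"] * 2
    + ["PID 2216 wrote to memory of 1780 2216 msedge.exe 83"] * 40
    + ["PID 2216 wrote to memory of 4024 2216 msedge.exe 84"] * 2
    + ["PID 2216 wrote to memory of 1388 2216 msedge.exe 85"] * 20
)

# CONSTRUCTED row, not in the report: a write into a process that is not
# a child of the browser broker. Used only to show the check firing.
CONSTRUCTED_ANOMALY = "PID 2216 wrote to memory of 2076 2216 msedge.exe 90"

ROW_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<pid>\d+) "
    r"(?P<image>\S+) (?P<target_id>\d+)"
)


def parse_rows(text):
    """Return (writer pid, target pid, writer image) for each parsable row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((int(m["src"]), int(m["dst"]), m["image"]))
    return rows


def is_direct_child(tree, parent, child):
    """True only if `child` is in the tree and its recorded parent is `parent`."""
    entry = tree.get(child)
    return entry is not None and entry[0] == parent


def summarize(rows):
    """Count writes per (writer, target) pair."""
    return Counter((src, dst) for src, dst, _ in rows)


def find_anomalies(rows, tree):
    """Distinct (writer, target) pairs where the target is not a direct child."""
    return sorted({(src, dst) for src, dst, _ in rows
                   if not is_direct_child(tree, src, dst)})


def triage(text, tree=PROCESS_TREE):
    """Parse report rows and return totals, per-pair counts and anomalies."""
    rows = parse_rows(text)
    return {
        "total": len(rows),
        "per_pair": dict(summarize(rows)),
        "anomalies": find_anomalies(rows, tree),
    }


if __name__ == "__main__":
    # On the report's own rows every write goes broker -> child: no anomalies.
    print(triage(IOC_ROWS))
    # With the constructed row appended the check fires: [(2216, 2076)]
    print(triage(IOC_ROWS + "\n" + CONSTRUCTED_ANOMALY)["anomalies"])
```

Unknown target PIDs are treated as anomalies on purpose: a write into a process the sandbox never saw start is exactly the case that should not be waved through, and the sandbox's 64-row cap means the tree, not the IoC list, is the authoritative source for what the browser spawned.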
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 2daa93382bba07cbc40af372d30ec576
SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Filesize: 152B
MD5: ecdc2754d7d2ae862272153aa9b9ca6e
SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Filesize: 309B
MD5: 135d234d5cfcb48718df2e47291abcab
SHA1: b0e0eb5ccf63aff4f3ee5c7f735736ffa05c01c3
SHA256: 7b796da1190e895db762328ebeb9f5817a3e0facd3fef963f5051cd40e759b12
SHA512: 798ea9dbb0aa18028a6678b109e8c0d9a592b796554eed41bd3e648bea49ef0d38b8dd55f9ea21034d3a2accb604f62d28aa0305958dc20340ce777b9df09793

Filesize: 6KB
MD5: e5988a4020dc1dae2476bc47bc8eee06
SHA1: 0838b8d977eb1e70347a14da0fec21087200abe7
SHA256: d099fd9729ca0ef23906c0e283d4440948568fd9173d2ead3b6c739f7561d0fc
SHA512: 38870b5eef7e0199c863d948e3cf15f6be01767fdd3453b28f3e81fcc1b97edb1b60b51e479f472d7e2e05880bf008e23879dbd288b9ed8426298120a69ff321

Filesize: 5KB
MD5: 7ac4e501ea8271634aac0c06317ccbf1
SHA1: 12f6e1a9e91c9df8da3bd15e0769d3707e3976ac
SHA256: 6a9d23a2423e0dca823dbe24e7bed416fd59f96414e107d002ea4239650dd425
SHA512: ac6ecc1a5331ede3fa19c06f1744f3ec515a7615c071d3833dcca0e175c6ee2644231927d23d85d43b8898e92bc839daed871077f2974490e1ea1328bc77016f

Filesize: 10KB
MD5: 6b6a94bf9d204000dc1a6f346ba9ca37
SHA1: 9875822e469a8eb82e2183f38e1f6d2ec422f8c1
SHA256: a5cffc8a21f3c27b512e754ce9e2f2f2672c3934145f23c79cd4fd809c7e3281
SHA512: 08540211b58925e1ccc7c45e2b5230b977b6191a3e45886d0f4f39655e23da6be7c47642d438358a1fe71cc159d41dc6898608d1ee93a5939d4e057d8911ca46