Analysis
- max time kernel: 150s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/05/2024, 08:24
Static task: static1
Behavioral task: behavioral1
- Sample: 8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118.html
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118.html
- Size: 82KB
- MD5: 8017fd82b03e0ee912c8722f8649b29f
- SHA1: f86b68c5f94fd343e6867e334f7b8c9112747694
- SHA256: 4078a5f0a34f5d9b7839ff5aa1f6785e90966c5f526395b7b1366747cc3b73dd
- SHA512: 1368a2ec8b62b6e9f0fe744cddee4840b2dcf85b4c26bddc8faac38971d0a0356787f14ad02aaed341b9e4743d960d25153a9ca18f2a228f604412a4101d15ae
- SSDEEP: 1536:0uvhrWfGI1+RNSLPGKxo4TIywyYIj5Zyomu8oBcw++4lSKFuuT3OQGRzaNzGdOjU:0uvNWfGI6+i40CZyomu8oBcw+rSKFh38
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process     hits
  2084  msedge.exe  2
  5004  msedge.exe  2
  5112  msedge.exe  4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     hits
  5004  msedge.exe  2
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     hits
  5004  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     hits
  5004  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  pid   Process     wrote to memory of  procid_target  hits
  5004  msedge.exe  4912                84             2
  5004  msedge.exe  1488                85             40
  5004  msedge.exe  2084                86             2
  5004  msedge.exe  624                 87             20

Note: every IoC above is raised by msedge.exe itself. The WriteProcessMemory targets (4912, 1488, 2084, 624) are the crashpad-handler, gpu-process, network-service and storage-service children that Edge spawns at start-up (see Processes below), so these hits describe the browser's normal multi-process launch; nothing in this list is attributable to the content of the HTML sample rather than to the browser that opened it.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5004)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 4912, --type=crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd329346f8,0x7ffd32934708,0x7ffd32934718
  - msedge.exe (PID 1488, --type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  - msedge.exe (PID 2084, --type=utility, network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 624, --type=utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  - msedge.exe (PID 1868, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  - msedge.exe (PID 848, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  - msedge.exe (PID 5112, --type=gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18320499321416145840,9558366138514372348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3204)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2660)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
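The following script is an added example, not part of the sandbox report or of any vendor tooling. It rebuilds the process tree and the WriteProcessMemory rows from this page as inline data and cross-checks them the way a triage analyst would: it labels each injection target by its --type switch, flags any target that is not one of Edge's own child processes, and lists the processes whose switches put them outside the usual Chromium sandbox. The command lines are transcribed from the Processes section with the long opaque values (--gpu-preferences, --field-trial-handle) dropped, and the 64 IoC rows are regenerated from their per-target counts, so the inputs are constructed rather than copied from a sandbox export.

```python
import re
import shlex
from collections import Counter

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# pid -> command line, transcribed from the report's Processes section.
# Long opaque switches (--gpu-preferences, --field-trial-handle) are dropped;
# every switch that names the role or affects sandboxing is kept verbatim.
PROCESSES = {
    5004: EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\8017fd82b03e0ee912c8722f8649b29f_JaffaCakes118.html",
    4912: EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    1488: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2116 /prefetch:2",
    2084: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3",
    624: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8",
    1868: EDGE + " --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1",
    848: EDGE + " --type=renderer --lang=en-US --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1",
    5112: EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=4860 /prefetch:2",
    3204: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
    2660: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
}

# Constructed: the report's 64 "wrote to memory of" rows in the same flattened
# one-line shape the page shows (2 x 4912, 40 x 1488, 2 x 2084, 20 x 624).
WPM_ROWS = " ".join(
    f"PID 5004 wrote to memory of {dst} 5004 msedge.exe {idx}"
    for dst, idx, n in ((4912, 84, 2), (1488, 85, 40), (2084, 86, 2), (624, 87, 20))
    for _ in range(n)
)
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def tokens(cmdline):
    """Windows-style split: double quotes group, backslashes are not escapes."""
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)]


def flags(cmdline):
    """Chromium switches as {name: value}; value is True for a bare switch."""
    out = {}
    for tok in tokens(cmdline)[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            out[name] = value or True
    return out


def role(processes, pid):
    """Process role from its image name and --type / --utility-sub-type switches."""
    toks = tokens(processes[pid])
    if not toks[0].lower().endswith("msedge.exe"):
        return toks[0].rsplit("\\", 1)[-1]
    f = flags(processes[pid])
    if "type" not in f:
        return "browser"  # the main process; it was launched with the sample path
    if f["type"] == "utility":
        return "utility/" + str(f.get("utility-sub-type", "?"))
    return f["type"]


def is_edge_child(processes, pid):
    """True for an msedge.exe process launched with a --type switch (a browser child)."""
    cmd = processes.get(pid)
    return bool(cmd) and tokens(cmd)[0].lower().endswith("msedge.exe") and "type" in flags(cmd)


def sandbox_issues(processes, pid):
    """Switches that leave this process outside its usual sandbox."""
    f = flags(processes[pid])
    issues = []
    if f.get("service-sandbox-type") == "none":
        issues.append("service-sandbox-type=none")
    if "disable-gpu-sandbox" in f:
        issues.append("disable-gpu-sandbox")
    return issues


def unsandboxed(processes):
    return [pid for pid in sorted(processes) if sandbox_issues(processes, pid)]


def parse_wpm(text):
    """Count WriteProcessMemory rows per (source pid, target pid)."""
    counts = Counter()
    for src, dst, _proc, _target_index in WPM_RE.findall(text):
        counts[(int(src), int(dst))] += 1
    return counts


def triage(processes=PROCESSES, wpm_text=WPM_ROWS):
    """One row per injection target, busiest first; a target that is not an
    Edge child (or is absent from the tree) is the case worth chasing."""
    rows = []
    for (src, dst), n in sorted(parse_wpm(wpm_text).items(), key=lambda kv: -kv[1]):
        rows.append({
            "source": src, "target": dst, "writes": n,
            "target_role": role(processes, dst) if dst in processes else "UNKNOWN (not in process tree)",
            "edge_child": is_edge_child(processes, dst),
        })
    return rows


if __name__ == "__main__":
    for r in triage():
        print(f"{r['source']} -> {r['target']:<5} x{r['writes']:<3} {r['target_role']:<40} edge child: {r['edge_child']}")
    for pid in unsandboxed(PROCESSES):
        print(f"PID {pid} ({role(PROCESSES, pid)}) runs with {', '.join(sandbox_issues(PROCESSES, pid))}")
```

On this report every write target resolves to an Edge child, so the WriteProcessMemory signature carries no weight on its own. The two sandbox findings are also expected for this build: Chromium 92-era builds ran the network service unsandboxed on Windows (--service-sandbox-type=none), and a second gpu-process started with --use-gl=disabled and --disable-gpu-sandbox is the GPU fallback path a browser takes in a VM without a usable GPU. The check earns its keep when a target PID is missing from the tree or belongs to a non-browser image.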
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 537815e7cc5c694912ac0308147852e4
  SHA1: 2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
- Filesize: 152B
  MD5: 8b167567021ccb1a9fdf073fa9112ef0
  SHA1: 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
- Filesize: 29KB
  MD5: 0f83cadc148d2ad7e53c91f6c4ee05bb
  SHA1: 90035c5fffedf4b0f099465f6b929a030b46c92b
  SHA256: 3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
  SHA512: c911420875dcadb64611550e83f9a525309eba69353dac17d3d40a8350a417f337718a24926df62f9f69136c94962110c897630e9ab7c0c9eb480b0775613c7d
- Filesize: 467B
  MD5: d7439e5b3309294010ff4409baf18bb2
  SHA1: 1603059f8f124194f5ab1e20d8f618035264b6d1
  SHA256: 964765bd14e5664525ddee95573305969609e21c56a0b5e5d5ad9261f409d5d0
  SHA512: 0df84b4d40cbf1ce0534d5ae8be8be777740d0e44c9dfc94c61084edc64f4a87c7e5904e952a32c6a7bec597efe209ee160536f1ce278b82135268ad6751bcf4
- Filesize: 6KB
  MD5: 5f6498f3b54deb1d880de34b9e92c262
  SHA1: c085bdc3546accc54a3fd9420c95f5990d023805
  SHA256: 9f37cd8dd4a6998ad322e9174ed536fe5c78f971809f4346c07b1f6addce80e5
  SHA512: 3fa2eea15eda8d7894ced5e0ec2c83fc23ac25f741a70814aa729016a2baffd60def2914646d2d018efcea1c22b212ab9ba50b0fa11b8642bc10c1a404a0dd9b
- Filesize: 5KB
  MD5: 71838728cb5c1bfd6ecb93cc344a62c0
  SHA1: 4c422968172b37b74ef5334371c953395266ffea
  SHA256: ff570d7a73057dbe3d1eb592027ee14a514a2777c13fe1204c61058da2be0ac5
  SHA512: 357c33a58e24f6448fe1598f196c82de3f971304386cbbcaedceeb7a5a2a4a37736d5ca92e01a70347e4f8763b90410d61d3408112c98c1ac3780ea35839dad7
- Filesize: 10KB
  MD5: b103dd873da7e3c9d2ea0e635df4828b
  SHA1: fb4657185d0eb18055b973a57c4c451be2c4527e
  SHA256: 4b146faf4296a0586bcb8a34562ba214875a3fc7eb1179f55cad9d696156ea27
  SHA512: 86df0066ee43f111c7ebdb4bbc1cf273f121f7e6e7920beb4075c48238418bb4b325be26af23bfc235692d5fb3121242deb4cc6c23f74eb616258a0283291918