Analysis
- max time kernel: 145s
- max time network: 131s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/05/2024, 08:25
Static task: static1
Behavioral task: behavioral1
- Sample: 8018142d7ccc454f05dc704ebb90d505_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 8018142d7ccc454f05dc704ebb90d505_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 8018142d7ccc454f05dc704ebb90d505_JaffaCakes118.html
- Size: 940B
- MD5: 8018142d7ccc454f05dc704ebb90d505
- SHA1: 76b6e0b7b125c06d591d374746b7acbff968bd2a
- SHA256: bfc8ca496e73686480b84d7d6015f4695ff8d075f727323fb9dbd0cae63c53e2
- SHA512: 1209d1b61492b49f67b8c746d6ced753253108a931b3ee50ec17e778ae4158bcc729f64c34219943bc95511d7c40a627ea089a5a35cf6fe03b3e88c4e28e0b24
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       ioc                                                                  Process
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
  Key opened        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  944   msedge.exe (2 entries)
  3840  msedge.exe (2 entries)
  2116  identity_helper.exe (2 entries)
  4508  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3840  msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3840  msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3840  msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are writes by pid 3840 (msedge.exe); the report repeats one row per write. Distinct rows:
  description                          pid   Process     procid_target
  PID 3840 wrote to memory of 840      3840  msedge.exe  83
  PID 3840 wrote to memory of 4404     3840  msedge.exe  84
  PID 3840 wrote to memory of 944      3840  msedge.exe  85
  PID 3840 wrote to memory of 2784     3840  msedge.exe  86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8018142d7ccc454f05dc704ebb90d505_JaffaCakes118.html
  PID: 3840
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e1746f8,0x7ffa1e174708,0x7ffa1e174718
    PID: 840
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
    PID: 4404
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 944
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
    PID: 2784
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 1844
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    PID: 3344
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
    PID: 4544
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
    PID: 3716
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 2116
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    PID: 4012
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
    PID: 1636
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
    PID: 2460
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,18188831077251633781,3804315878370511179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4056 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 4508
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2864
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4516
Network
MITRE ATT&CK Enterprise v15
Downloads