Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 08:53
Static task: static1
Behavioral task: behavioral1
  Sample: 802b3952b40a078f2e10565ae76b20f3_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 802b3952b40a078f2e10565ae76b20f3_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 802b3952b40a078f2e10565ae76b20f3_JaffaCakes118.html
Size: 4KB
MD5: 802b3952b40a078f2e10565ae76b20f3
SHA1: beabd9a1e315f1b169b5817492f88eb019d3a6c3
SHA256: 3c97f7752427e8e22e3b933c124bf702515e0ef7785212010d9d5ae2a7ddb695
SHA512: 13edf8e5b4af8886af9dd6712420e09bf3bbce47f8e45163bba79c356f64359094c0197a19f5f4e15916aa11f5601152bc02b9d11cba6ad965d593e4b4fb5d92
SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oZE78Dj+:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDL
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
1928 | msedge.exe (2 entries)
3576 | msedge.exe (2 entries)
3856 | identity_helper.exe (2 entries)
3244 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
3576 | msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
3576 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3576 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3576 wrote to memory of 2452 | 3576 | msedge.exe | 83 (2 entries)
PID 3576 wrote to memory of 4648 | 3576 | msedge.exe | 84 (40 entries)
PID 3576 wrote to memory of 1928 | 3576 | msedge.exe | 85 (2 entries)
PID 3576 wrote to memory of 2784 | 3576 | msedge.exe | 86 (20 entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3576)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\802b3952b40a078f2e10565ae76b20f3_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa80746f8,0x7fffa8074708,0x7fffa8074718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4648)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2784)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1036)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3244)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14344408144887040288,2784144776611329521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 212)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 316)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: a8e767fd33edd97d306efb6905f93252
SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Filesize: 152B
MD5: 439b5e04ca18c7fb02cf406e6eb24167
SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Filesize: 292B
MD5: b9ca6e19028d7a54652ce50d8f530dad
SHA1: ba22eabfb1c65d1997d96713d02c1bb11b48fc27
SHA256: 4664a138376cff67f7570066ff2d74ba91368f56ce2c9ef592f0874d705c2083
SHA512: 77e285c90d548a3fe0ba707312a01051c71e6fe28cb3523ac1246f0b578d3a25c44b7a47a925bdf4a4d5682d9a7a68eaba0ed176c6fd445fdfcc861c3e1351bc

Filesize: 5KB
MD5: ac1f2a54122b7e1e15fc6788140e85f4
SHA1: 5ad5c5ae98562a0f4b0ad815d44b71b6a530e62a
SHA256: 591da8136281e752a3b9adfe51343020d8600b8bcfc87d855eabd1e1c8cddb88
SHA512: 9b0743ac3e3a7f540b29004037b8c7748872abb797cf4b725936a089ef78f21ac1ccf9497501dca3c3f48c58faeacb2cf53aaea3cf4f3dd5541b18b81c36fa9c

Filesize: 6KB
MD5: f4423b15d07589cdeb47779c006651d3
SHA1: 8693a404f80f3d8e316b6a73792e427614000387
SHA256: 5a5bf3e52c75692141be07b05871532c69124eb72820ca4ac000a7b07c656491
SHA512: 5eeb1473d4373576be9a85f62cfaa03e657e200a4c6fcd367501f2bc890012ef0663665cfb641ee384661b967f1b20b68b88e9123c53a82cf1ee665925053027

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 11KB
MD5: ded4d47bbb9504ed4742d0b30bf4555f
SHA1: 6de4d734f9cf0259dd13067e24096aa3ce6b1743
SHA256: 837b250df13f94327fb29a09b9673eb5c0fab6a4fbe3eebfabf36e154a061042
SHA512: 557d79be2b9ea028194f812fbddc22d48cb7c3a34e4496b1638b47aa5fd47cd03e747389ad6364529aefa4a3ada0de32020f2f64ec81b1452928adf8dbde7583