Analysis
- max time kernel: 148s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/05/2024, 08:53
Static task: static1
Behavioral task: behavioral1
- Sample: 802b9f4abddaf74c22691055c8a9360d_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 802b9f4abddaf74c22691055c8a9360d_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 802b9f4abddaf74c22691055c8a9360d_JaffaCakes118.html
- Size: 77KB
- MD5: 802b9f4abddaf74c22691055c8a9360d
- SHA1: 4362befcdcb28f35434bf65b9aee06c1a468c1b1
- SHA256: 596d776abb2c73c3fc62bc0ad4d7587dc17b38359e99f1e31e7ad7497cae6b1b
- SHA512: 912446007f36cfd5434203ca774fdc4a70070c6bf674f35091e087de1131a622e81595de8e3c907c6284a2198d408ffff4efd8506f74b99ab332857b1371afd9
- SSDEEP: 1536:4w6+XPQwEr5CSY9r/qE7lI8VhkXU8Q5gQ/kTSmmksZcl1TQc2KjTpJ6czav1r+jg:h719D7lLGU8i/kTSErQc2Kjf6f1r+jXQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (8 IoCs)
- PID 3416 msedge.exe (2 entries)
- PID 3700 msedge.exe (2 entries)
- PID 1008 msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
- PID 3700 msedge.exe (all 5 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 3700 msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3700 msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries are writes by PID 3700 (msedge.exe) into the memory of its own child processes:
- target PID 1020 (procid_target 81): 2 entries
- target PID 3416 (procid_target 83): 2 entries
- target PID 2652 (procid_target 82) and target PID 320 (procid_target 84): the remaining 60 entries
Processes
- PID 3700: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\802b9f4abddaf74c22691055c8a9360d_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 3700 (all C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe):
  - PID 1020 (crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
  - PID 2652 (gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  - PID 3416 (utility, network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - PID 320 (utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  - PID 2492 (renderer, renderer-client-id=6)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - PID 1512 (renderer, renderer-client-id=5)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - PID 4344 (renderer, renderer-client-id=7)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  - PID 4392 (renderer, renderer-client-id=8)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  - PID 1804 (renderer, renderer-client-id=9)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  - PID 1008 (gpu-process, GPU sandbox disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5772 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- PID 2564: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1804: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads