Analysis
max time kernel
145s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted
29/05/2024, 08:54
Static task
static1
Behavioral task
behavioral1
Sample
802bf6541d6db0db8bef16525971d867_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
802bf6541d6db0db8bef16525971d867_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
Target
802bf6541d6db0db8bef16525971d867_JaffaCakes118.html
Size
19KB
MD5
802bf6541d6db0db8bef16525971d867
SHA1
9dd00ab574a26f80afbead96197cd1168f3c77c4
SHA256
673463ef5ad8e7014e96551180f54af1982dc3f41c50fe2046210d3b75ab6367
SHA512
ee66c3c02380ecff86e6b36b6a9a32e8715a407db49f7cd0c398484061d2cffd95622d7e544207307e690d1c68d2683df43e992c0f7eecf82689592c55882a01
SSDEEP
384:StWBRhst/Hw9SIxxQaxSHBROGJAF6qfIxjgD8mTXA2a6lCB8:SukxIwcF3kc8mT/aUCm
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description / ioc / Process:
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3892 msedge.exe 3892 msedge.exe 456 msedge.exe 456 msedge.exe 3608 identity_helper.exe 3608 identity_helper.exe 2036 msedge.exe 2036 msedge.exe 2036 msedge.exe 2036 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe 456 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 456 wrote to memory of 4204 456 msedge.exe 83 PID 456 wrote to memory of 4204 456 msedge.exe 83 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 
wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 1896 456 msedge.exe 84 PID 456 wrote to memory of 3892 456 msedge.exe 85 PID 456 wrote to memory of 3892 456 msedge.exe 85 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86 PID 456 wrote to memory of 4452 456 msedge.exe 86
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID: 456
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\802bf6541d6db0db8bef16525971d867_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 4204
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 1896
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 3892
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 4452
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 2824
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 2064
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  PID: 5096
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  PID: 3608
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 4612
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 1736
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 3752
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 3052
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 2036
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5931217964639863061,6098908550721531757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
PID: 3972
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe
PID: 3204
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads