Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
29/05/2024, 09:31
Static task
static1
Behavioral task
behavioral1
Sample
8044f3ea04c30529b56746020abad6f9_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8044f3ea04c30529b56746020abad6f9_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8044f3ea04c30529b56746020abad6f9_JaffaCakes118.html
-
Size
40KB
-
MD5
8044f3ea04c30529b56746020abad6f9
-
SHA1
5272fe5d57cf45a17dcf9e3630b8fe3a175d3ebd
-
SHA256
1597a80fe5008487d4cc07afd1c192dc87b83cafb7d7a2be4c53ad39d97ccd27
-
SHA512
feaba73dd20df339f6c97c8d990f16178188e04cabd8eadcdf3f3c2c2d30f06cb92a5bb0a68c22ff762442aae737344f02a62fad421407e622736524f6812b9e
-
SSDEEP
768:bUMDiXKrC2ZIv753Bcs2HERNQscYKDr5gAdjdNdjnfHdMdRsBUXIkel+:bUMRZIv753BcsbQTPDr5gAdjdNdDPdMh
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process | rows
2552 | msedge.exe | 2
4856 | msedge.exe | 2
4852 | identity_helper.exe | 2
4632 | msedge.exe | 4
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process | rows
4856 | msedge.exe | 6
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process | rows
4856 | msedge.exe | 25
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process | rows
4856 | msedge.exe | 24
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target | rows
PID 4856 wrote to memory of 1008 | 4856 | msedge.exe | 82 | 2
PID 4856 wrote to memory of 4680 | 4856 | msedge.exe | 83 | 40
PID 4856 wrote to memory of 2552 | 4856 | msedge.exe | 84 | 2
PID 4856 wrote to memory of 1080 | 4856 | msedge.exe | 85 | 20
(row counts collapse the 64 listed entries; every write originates from the top-level msedge.exe 4856 and targets one of its own child processes)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8044f3ea04c30529b56746020abad6f9_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4856
  -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaa6046f8,0x7ffbaa604708,0x7ffbaa604718
      PID:1008
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      PID:4680
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID:2552
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
      PID:1080
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      PID:1976
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      PID:2252
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
      PID:2032
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
      PID:3620
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
      PID:1452
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID:4852
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      PID:3068
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
      PID:4860
    -
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5804 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID:4632
-
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:4084
-
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:1104
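Every signature above fires on the top-level msedge.exe (4856) or on processes it launched itself, and all 64 WriteProcessMemory rows have 4856 as the writer. Chromium's sandbox broker writes into a freshly created child's address space while setting it up, so the check a reviewer actually wants is whether each write target is a direct Chromium child of the writer (launch-time write) or something else (possible injection), and which children run with the service or GPU sandbox switched off. The script below is an added example and not part of the Triage report or of any Microsoft or Chromium code: PROCESS_TREE and WRITE_IOCS are a constructed, abbreviated copy of the data on this page, the classify/triage heuristics are this example's own rather than a Triage signature, and SYNTHETIC_INJECTION_ROW is an invented row, not present in the report, used only to show what a non-child target looks like.

```python
"""Check a sandbox report's WriteProcessMemory hits against its process tree.

Added example, not part of the sandbox report. PROCESS_TREE and WRITE_IOCS are a
constructed, abbreviated copy of the report's data; the heuristics are this
example's own and not a Triage signature.
"""
import re
from collections import Counter

EDGE = r'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
HELPER = r'C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe'

# (pid, parent pid, command line). Parent follows the report's depth markers: the
# top-level msedge.exe 4856 spawned every depth-2 entry. Command lines are cut
# down to the flags the classifier uses.
PROCESS_TREE = [
    (4856, None, rf'"{EDGE}" --single-argument C:\Users\Admin\AppData\Local\Temp\8044f3ea04c30529b56746020abad6f9_JaffaCakes118.html'),
    (1008, 4856, f'"{EDGE}" --type=crashpad-handler --monitor-self-annotation=ptype=crashpad-handler'),
    (4680, 4856, f'"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=2116'),
    (2552, 4856, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (1080, 4856, f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (1976, 4856, f'"{EDGE}" --type=renderer --renderer-client-id=6'),
    (2252, 4856, f'"{EDGE}" --type=renderer --renderer-client-id=5'),
    (2032, 4856, f'"{EDGE}" --type=renderer --renderer-client-id=7'),
    (3620, 4856, f'"{EDGE}" --type=renderer --instant-process --renderer-client-id=8'),
    (1452, 4856, f'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    (4852, 4856, f'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    (3068, 4856, f'"{EDGE}" --type=renderer --renderer-client-id=10'),
    (4860, 4856, f'"{EDGE}" --type=renderer --instant-process --renderer-client-id=11'),
    (4632, 4856, f'"{EDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318'),
    (4084, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
    (1104, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# A subset of the report's WriteProcessMemory rows, in the report's own layout:
# description, pid, Process, procid_target.
WRITE_IOCS = [
    'PID 4856 wrote to memory of 1008 4856 msedge.exe 82',
    'PID 4856 wrote to memory of 1008 4856 msedge.exe 82',
    'PID 4856 wrote to memory of 4680 4856 msedge.exe 83',
    'PID 4856 wrote to memory of 4680 4856 msedge.exe 83',
    'PID 4856 wrote to memory of 4680 4856 msedge.exe 83',
    'PID 4856 wrote to memory of 2552 4856 msedge.exe 84',
    'PID 4856 wrote to memory of 1080 4856 msedge.exe 85',
]
# Invented control row, NOT in the report: a target that is not in the tree.
SYNTHETIC_INJECTION_ROW = 'PID 4856 wrote to memory of 9999 4856 msedge.exe 99'

IOC_RE = re.compile(r'PID (\d+) wrote to memory of (\d+)\s+(\d+)\s+(\S+)\s+(\d+)')
FLAG_RE = re.compile(r'--([A-Za-z0-9-]+)(?:=(\S*))?')


def parse_write_iocs(rows):
    """Collapse WriteProcessMemory rows into a Counter of (writer pid, target pid)."""
    edges = Counter()
    for row in rows:
        m = IOC_RE.search(row)
        if not m:
            raise ValueError(f'unrecognised IoC row: {row!r}')
        writer, target, pid_col = int(m.group(1)), int(m.group(2)), int(m.group(3))
        if writer != pid_col:  # description and pid column must agree
            raise ValueError(f'writer/pid mismatch in row: {row!r}')
        edges[(writer, target)] += 1
    return edges


def classify(cmdline):
    """Describe a process from its Chromium-style command line."""
    flags = dict(FLAG_RE.findall(cmdline))
    if 'type' in flags:
        role = flags['type']
        if flags.get('utility-sub-type'):
            role += ':' + flags['utility-sub-type']
    elif 'single-argument' in flags:
        role = 'browser'           # top-level browser process opening the sample
    else:
        role = 'non-chromium'      # no Chromium child flags at all
    return {
        'role': role,
        'sandbox': flags.get('service-sandbox-type'),   # None when flag absent
        'gpu_sandbox_disabled': 'disable-gpu-sandbox' in flags,
    }


def triage(tree, ioc_rows):
    """Return (writer, target, count, verdict) for each distinct write edge."""
    by_pid = {pid: (parent, cmd) for pid, parent, cmd in tree}
    findings = []
    for (writer, target), n in sorted(parse_write_iocs(ioc_rows).items()):
        if target not in by_pid:
            findings.append((writer, target, n, 'target not in process tree: possible injection'))
            continue
        parent, cmd = by_pid[target]
        role = classify(cmd)['role']
        if parent == writer and role not in ('browser', 'non-chromium'):
            verdict = f'own {role} child: launch-time write expected'
        else:
            verdict = f'not a direct Chromium child ({role}): investigate'
        findings.append((writer, target, n, verdict))
    return findings


def unsandboxed_children(tree):
    """(pid, role) of children running with the service or GPU sandbox off."""
    out = []
    for pid, parent, cmd in tree:
        if parent is None:
            continue
        c = classify(cmd)
        if c['sandbox'] == 'none' or c['gpu_sandbox_disabled']:
            out.append((pid, c['role']))
    return out


if __name__ == '__main__':
    for w, t, n, verdict in triage(PROCESS_TREE, WRITE_IOCS + [SYNTHETIC_INJECTION_ROW]):
        print(f'{w} -> {t}: {n} write(s), {verdict}')
    for pid, role in unsandboxed_children(PROCESS_TREE):
        print(f'unsandboxed child {pid}: {role}')
```

Run as written it reports every logged write as a launch-time write to an own child, flags only the synthetic 9999 row, and lists 2552, 1452, 4852 and 4632 as running with the service or GPU sandbox off. The second gpu-process (4632) carries the `--disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=... --gpu-driver-version=...` flag set Chromium uses for its info-collection GPU process on Windows; whether `--service-sandbox-type=none` on the network service and the WinrtAppId helper is this build's default should be confirmed against a clean run of the same Edge build (92.0.902.67) rather than attributed to the sample.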
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5
c9c4c494f8fba32d95ba2125f00586a3
SHA1
8a600205528aef7953144f1cf6f7a5115e3611de
SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
Filesize
152B
MD5
4dc6fc5e708279a3310fe55d9c44743d
SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
Filesize
5KB
MD5
9c06f1e0d1fc950b914e7df852b9b85b
SHA1
3cf3dada95bba3a84c64e99c7aca06bade9bec0b
SHA256
6329d382c0dffcea1bdab8e820ab5303d2e8c443b4dd20f1fa6f45a28b1118c5
SHA512
789225f669f081c5748a338ade8c7bc441b80cda01f88fa0022c42558b472596a76237a0c38b4640042d8949fe36d3be027d14217e5060e695ddd5c060778d93
-
Filesize
6KB
MD5
2cf5c0752a7fb29f3124fd6a01e1ff26
SHA1
f615169f375f0d3f5dbd52db97331984b986f7fd
SHA256
37f1fc0caeae3657c5686ab40858eb691bbad5deaa475e1880fcfab5b0f88516
SHA512
318b511e94572791aae2c2305dd4c9bdc70ad22d3538ac4eb772e39cbebb25e6ccc5345c97c1909faab9aa1ec97deaafb289cb53d63e706ddfeb6c904a75d72b
-
Filesize
6KB
MD5
6b4ea3d0a160360eedd81427109ad0ba
SHA1
3a4b3813ba416e440b900099753650762721d4d5
SHA256
087c396a4ced61708d203ebc9dcfe36e6616a01da7f13c29d55c481f5c2f83b2
SHA512
dfe888b389a859dc45366f11a7b5d53c8f9bd930cc78bbca1131cf149eb48ad412cd9829876fcf4301c6546454162ac043917a63a8ae3461de402d19011e8c71
-
Filesize
16B
MD5
46295cac801e5d4857d09837238a6394
SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5
206702161f94c5cd39fadd03f4014d98
SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5
bc03cd5ef3a5f622c9bb36a86e9ac1cd
SHA1
a7d7fd73df984fb3adf1f3a11e31cd83afdd9f41
SHA256
e72a1d4acc3e9276b1d17b1aadd027f1ef0ac65c01083c27916e661ff249e7fd
SHA512
c1e304c4127f6dd1985a6c3128c32e52ae84cc6eff82657351753628253c232624723801cec2d3ebd3bac2d6707f0f1fdceb779422e3c7b93c8572d840f1c0c7