Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 09:31
Static task: static1

Behavioral task: behavioral1
  Sample: 804508896ce0d660a44a9f66a7464430_JaffaCakes118.html
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: 804508896ce0d660a44a9f66a7464430_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 804508896ce0d660a44a9f66a7464430_JaffaCakes118.html
Size: 35KB
MD5: 804508896ce0d660a44a9f66a7464430
SHA1: 113e8c817495546e06407a7cad1da6ccd08c9797
SHA256: 31ef81b43996a45bb67e54c348486e1f0959e460c9f0fc28d25a519c6a9e24dd
SHA512: 368a5b406fb845a066b6fe7420e5e8257903d95d523cc1ddc361681f24294ed609662587f2870e2fb638e9a186c4f9c7b26271e55fb7a918696c05f9ce37f0b9
SSDEEP: 384:SGvNSpHRLAfG9MEFswUs5EUw7eb8zXJdJmoEIicdrwdQhu85eVpnrE27JOxoPvuw:SI0zDSqbEJrFjBHcrE2FHPvH
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
1568 | msedge.exe
1568 | msedge.exe
1040 | msedge.exe
1040 | msedge.exe
3564 | identity_helper.exe
3564 | identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid | Process
1040 | msedge.exe (9 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
1040 | msedge.exe (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1040 | msedge.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1040 wrote to memory of 400 | 1040 | msedge.exe | 82 (2 identical entries)
PID 1040 wrote to memory of 1012 | 1040 | msedge.exe | 83 (40 identical entries)
PID 1040 wrote to memory of 1568 | 1040 | msedge.exe | 84 (2 identical entries)
PID 1040 wrote to memory of 3776 | 1040 | msedge.exe | 85 (20 identical entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\804508896ce0d660a44a9f66a7464430_JaffaCakes118.html
  PID: 1040
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd17b046f8,0x7ffd17b04708,0x7ffd17b04718
      PID: 400

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
      PID: 1012

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
      PID: 1568
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
      PID: 3776

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      PID: 2304

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      PID: 4964

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
      PID: 3396

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
      PID: 2228

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
      PID: 2572

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
      PID: 2456

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
      PID: 3564
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
      PID: 2768

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
      PID: 2128

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
      PID: 2388

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
      PID: 1160

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15578292973653763283,14263820191671262188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
      PID: 2004

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4228

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3892
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Filesize: 152B
MD5: 87f7abeb82600e1e640b843ad50fe0a1
SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 72B
MD5: 5fb4147531811f789eb0fd89b35a797a
SHA1: 2098a22632b666a65dafb561f542d779430a946b
SHA256: c86f83591caf7598ddf43abe8362e37eb3b87e8191bcb14d092ade7df5773f17
SHA512: 0eed8d40ff06798f9cd10130ae19b2aae64cae1eb3fd6967f536c092b8c4a0280e888ff84e38440ea172054b92decb9cc52009d21564d2ec40307aa368daf231

Filesize: 1KB
MD5: fd9f20e4648b42335eec30254afb4a39
SHA1: 96d466a22c42062c10cba79ae519aef5972b1601
SHA256: b63557fb986ff1f3e0bfbb67f19620fefc1139d6c1fe3a849c53b89e1f8460f8
SHA512: d522d9fa3175bff5c6d10b70d774c1d42d81af1756f0e4455a45f05a510014c2e3eafe2b61bf4688e9fabe1dd2bee57ac4fb0913a1de181273c894332b39ed18

Filesize: 5KB
MD5: 6b89f18ecf70862f5cd3c8c51e707451
SHA1: 1c874ad1ab99e7a5de9a5498e10ec76e881dfa93
SHA256: 32e3f4df1a5b3b504b738f2a9d205b898b701a6403730577f3d6be60d9922b37
SHA512: dbf6a62a3fec7560db62da65fa46b24d392855c990aa32d43a0c0144bc5aa883a294a413bfe7e397bbf0ed32ba349123a38b281ceca717f4d1c71bfd73198702

Filesize: 6KB
MD5: 6d9195bbac3ea024e801fba6e793cc66
SHA1: e7447802f7de03c18b44358a7a1e9980a5b849fe
SHA256: 52fcb2d4c1f8747d39923988aae6636642ea581aacf205cee9a8db8f793b9fb0
SHA512: 66e743f65724238494d1fcfdd458371be53191e8c49141e17b7d69bad2bbc2c34af09e7ca115170b812756451da3e7adcd82eb01e56694f67f43bd6c90213110

Filesize: 6KB
MD5: 82b2753feb605cdabcc08c7cbbfa864f
SHA1: 80a0094ed4fb2bfbc9ac9a4f1a517cc1e6c50a14
SHA256: 0e8d0cb2d3cdce511cf7232ab2b25d7cc2028dcc416f8cbe0a8496bc6622e5ba
SHA512: 9f4f14d63530ff5e124cd68a7ca5ad5a25954fff5fe295df4812175a4c793c8e1f881793ed3d1722e54f8b32929b80c63e1b4783c44e5b6dddc42ab3bfca61d4

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
MD5: 844255563be14d72fdaa1ad3d6c54cce
SHA1: 1a74b00750b4bad11b9262051c62838333a61e7f
SHA256: 53e02540470c3938b1f5dcb459b595d077e347b7bd142877917ad82946a2d5d9
SHA512: d56442b8079b7ded63cd3d2e4d8c35727795163356d8935c63750f5decd259f1ee6d32e9688e4cedc7ea4cef5faf0f1044d5acc2672a1b0d2e898a7b88dd9ef1