Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 09:30
Static task: static1
Behavioral task: behavioral1 (sample 8044dbb02cc86d3b196b74a33d2d6541_JaffaCakes118.html, resource win7-20240221-en)
Behavioral task: behavioral2 (sample 8044dbb02cc86d3b196b74a33d2d6541_JaffaCakes118.html, resource win10v2004-20240508-en)
General
Target: 8044dbb02cc86d3b196b74a33d2d6541_JaffaCakes118.html
Size: 51KB
MD5: 8044dbb02cc86d3b196b74a33d2d6541
SHA1: 3e69aa3e78626547263ac84fa0012de76f979fac
SHA256: c8691856aa448369a2d069d1a9989e0cd85ef8cb3354cd0d727287a8bbb86f50
SHA512: a6c07342a18123ac088032c9403be7f2461ed46899f03a6a6616198c417cac18c7cc515585739972531a0d671a5f6ae5e84fd0ffdba786ca82da481f54247d35
SSDEEP: 1536:/2XjqU1MIGpvCzRCMl+wdVmd5H8nvBwkFUN7e3:A0pWnJwkFf3
Malware Config
Signatures

Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
3492 | msedge.exe
3492 | msedge.exe
1028 | msedge.exe
1028 | msedge.exe
3696 | identity_helper.exe
3696 | identity_helper.exe
3992 | msedge.exe
3992 | msedge.exe
3992 | msedge.exe
3992 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 1)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8044dbb02cc86d3b196b74a33d2d6541_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 1028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb685f46f8,0x7ffb685f4708,0x7ffb685f4718
PID: 4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
PID: 4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID: 3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
PID: 3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
PID: 4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
PID: 4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
PID: 1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
PID: 4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
PID: 3908

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
PID: 3092

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID: 3696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
PID: 1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
PID: 532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
PID: 4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
PID: 2440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5535099750648784847,11176523556449568579,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID: 3992

C:\Windows\System32\CompPkgSrv.exe (tree level 1)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2412

C:\Windows\System32\CompPkgSrv.exe (tree level 1)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4768
Network
MITRE ATT&CK Enterprise v15
Downloads