Analysis
max time kernel: 145s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 09:30
Static task: static1
Behavioral task: behavioral1
  Sample: 8044ebf5882ef3be80f8d9764415dc10_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 8044ebf5882ef3be80f8d9764415dc10_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 8044ebf5882ef3be80f8d9764415dc10_JaffaCakes118.html
Size: 3KB
MD5: 8044ebf5882ef3be80f8d9764415dc10
SHA1: 4b37ecdb78d28ca344402a592501ddcda6abb3ba
SHA256: 95558ea7fb5cb4cfbbe5d060cf859cde7f19aca115aa1503ccc38a3934549b6b
SHA512: 330fecc650d6c145150db57e9644d15baea9be156ac5c519d3048d464e2b48bae3d4ece5d84b745c1cbe6f45f3b56b345c32ff309481b801d774653402fafaa7
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4456 | msedge.exe (2 entries)
2096 | msedge.exe (2 entries)
4076 | identity_helper.exe (2 entries)
820 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
2096 | msedge.exe (all 6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
2096 | msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2096 | msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2096 wrote to memory of 2280 | 2096 | msedge.exe | 82
PID 2096 wrote to memory of 1584 | 2096 | msedge.exe | 83
PID 2096 wrote to memory of 4456 | 2096 | msedge.exe | 84
PID 2096 wrote to memory of 3772 | 2096 | msedge.exe | 85
(the 64 entries in the original listing are repetitions of these four rows)
Processes
(the number after each entry in the original listing is the process-tree depth: 1 = top level, 2 = child)

msedge.exe (PID 2096, depth 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8044ebf5882ef3be80f8d9764415dc10_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

msedge.exe (PID 2280, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0a6a46f8,0x7fff0a6a4708,0x7fff0a6a4718

msedge.exe (PID 1584, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

msedge.exe (PID 4456, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

msedge.exe (PID 3772, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

msedge.exe (PID 4924, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

msedge.exe (PID 3736, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

identity_helper.exe (PID 3780, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8

identity_helper.exe (PID 4076, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

msedge.exe (PID 980, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

msedge.exe (PID 1108, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

msedge.exe (PID 4724, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1

msedge.exe (PID 4476, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

msedge.exe (PID 820, depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14828104031224811219,4966492761810458389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 4684, depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 1492, depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads