Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-05-2024 02:36
Static task: static1
Behavioral task: behavioral1
  Sample: 82c8a19b1aa4a9f82d9a52b54d7ab465_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 82c8a19b1aa4a9f82d9a52b54d7ab465_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 82c8a19b1aa4a9f82d9a52b54d7ab465_JaffaCakes118.html
Size: 28KB
MD5: 82c8a19b1aa4a9f82d9a52b54d7ab465
SHA1: e6fb422f43afd4501bd87819fa6f283122db68bc
SHA256: ab3047bfdb759e8d840ae4277a0d8c0d321a71f99a93ca43700a9a427b63f6ed
SHA512: 61cfe7a98b876cdb2dfeae2d1656c6ee4d8eff8fb1c16ec94e0701b78bce7f7cf3af27d67bc0e0a951680f08ada476838c468d4974ea2e09d6c16936f4632869
SSDEEP: 768:SfzdsFqvfudlQVV1C5m1CCCcmzm3C/CnCQGNz3EbbVz2:SLdsFqvfug1C5m1CCCcmzm3C/CnCQa8C
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  3160  msedge.exe           2
  3592  msedge.exe           2
  1960  identity_helper.exe  2
  4424  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     entries
  3592  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  3592  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  3592  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; the report lists one entry per write, distinct rows shown)
  description                       pid   Process     procid_target
  PID 3592 wrote to memory of 900   3592  msedge.exe  82
  PID 3592 wrote to memory of 4860  3592  msedge.exe  83
  PID 3592 wrote to memory of 3160  3592  msedge.exe  84
  PID 3592 wrote to memory of 1520  3592  msedge.exe  85
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3592)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82c8a19b1aa4a9f82d9a52b54d7ab465_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3160)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3244)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5000)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2128)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1360)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4424)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7126986325154633701,6305676695253517827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5264 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 3780)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1080)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 56641592f6e69f5f5fb06f2319384490
SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Filesize: 152B
MD5: 612a6c4247ef652299b376221c984213
SHA1: d306f3b16bde39708aa862aee372345feb559750
SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Filesize: 188B
MD5: f395994eb5a00400fb59a4ce30fd4c81
SHA1: 1fdb922dc09e9e9d0701463f24a11bcb7c6cb840
SHA256: 17a073ae6728a86a8884b44cec0fe42276b9e31bb417a09b122888812289de40
SHA512: b1cc483f48610540f3fff219873bc154b7174621352a008f175a4eb6408cde7152bb0c7b48dfa57a35f34632e3edbc97e2bf4164d1739a2545c0aa0a5b896ad9

Filesize: 5KB
MD5: e3580f005621cbc06e0a47880589f23d
SHA1: 92d364066a0fdd6bf1f34fc1f54d66fd69f8924d
SHA256: e05c8f69b360c34401cebb32e309fdc11fa7320d371858122b0432adb6b534e7
SHA512: 278abc91b9118090db66a843d0ad60c7e1476941b5b311a69506ad665d23ebd10d378efeeead1f6af9071ff3e2e4f67b5405271a0486745af36e4189790a4e4d

Filesize: 6KB
MD5: 2fb823e39a04e75c5af2df31aa4960c8
SHA1: ca08c8bbcff4b5044783342e6a0021f60d961a0b
SHA256: 8fbc660389595d8f50ee7581ce71b8cde987e73cbbb5c6a14edb09a07b9a824c
SHA512: 9563869bb77092a4217b77823b29e3699dee1946d007771048f93bf807884c4a66d34fb0ace95229693ea73d1d427fbad39ba0a89a584eeb9cd8663eaa116f91

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 0e1c3b8290f45c36c056d2a05e97e93d
SHA1: b16d7911b05f4a58ae158697644e52f125f0a2c6
SHA256: 83c7e29df7e7edf18840b9b49e2023d3eb328e91b571c0dc6946fe5f4998690e
SHA512: 7af3cba23fd33a788b3914ed14b15777b5c156fcfd5eb1776fdf9fd088fb0ca76d071b2158ee0cad54d75f7aebf8113c235aecc96e0b0297487634bc37c7cb7e