Analysis
-
max time kernel
145s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
30-05-2024 09:31
Static task
static1
Behavioral task
behavioral1
Sample
83bcfde5ceb4c1969fc4e77163fdf074_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
83bcfde5ceb4c1969fc4e77163fdf074_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
83bcfde5ceb4c1969fc4e77163fdf074_JaffaCakes118.html
-
Size
23KB
-
MD5
83bcfde5ceb4c1969fc4e77163fdf074
-
SHA1
e06f08fa66d90034595096d5a8931a3529b66350
-
SHA256
4baf079b54f005681de0ea51a90c8d71a26d5d49258af84e058ce28f5ea6f466
-
SHA512
e3346051da05c6727e1a88e3307ccbf787563f7ff26ee939151ed4ff60427ad66cac6c5d363bbd69cc5531153979f5afab32eab509d48c58d03c0bc06170e4a2
-
SSDEEP
192:uwrAb5nO2nQjxn5Q/JnQieMNnWnQOkEntnrnQTbnxnQHGLnLnQtaqMBsqnYnQ7tk:XQ/GGnmSi
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 60 msedge.exe 60 msedge.exe 1088 msedge.exe 1088 msedge.exe 2516 identity_helper.exe 2516 identity_helper.exe 3672 msedge.exe 3672 msedge.exe 3672 msedge.exe 3672 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe 1088 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1088 wrote to memory of 4864 1088 msedge.exe 82 PID 1088 wrote to memory of 4864 1088 msedge.exe 82 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 4832 1088 msedge.exe 83 PID 1088 wrote to memory of 60 1088 msedge.exe 84 PID 1088 wrote to memory of 60 1088 msedge.exe 84 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85 PID 1088 wrote to memory of 1316 1088 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\83bcfde5ceb4c1969fc4e77163fdf074_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1088 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff99547182⤵PID:4864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:22⤵PID:4832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:60
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:82⤵PID:1316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵PID:2780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:1788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:82⤵PID:2792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:12⤵PID:3904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵PID:1112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵PID:4840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵PID:1280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1184303757554386580,9355236553067166848,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4420 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3672
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4420
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1244
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD556641592f6e69f5f5fb06f2319384490
SHA16a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA25602d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
-
Filesize
152B
MD5612a6c4247ef652299b376221c984213
SHA1d306f3b16bde39708aa862aee372345feb559750
SHA2569d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA51234a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\78fa161f-fbd5-4d98-a474-673840b9bcce.tmp
Filesize6KB
MD57c98feb07fe99f13e05d186c13b925b6
SHA1c0500b673112e72893e53f2660ae39cbddf4def8
SHA256e2179c6c0f28de20801b89d068249557d6c5fe19f56df42c45fbeec30451a5a3
SHA5128392f769f3ca59f69b542ad7fb466673da3b9dfeceb6d6de5d85eb656de1ca8ee0468b6d7fd7de328121d54cc60f5d26b4dcaac2126e19df5c7f6eca70ea8cfe
-
Filesize
5KB
MD5b15f05dda0165b4d1e34a15168f78d54
SHA1bb2612535789c1c781bdf7feae84a42a84ff66a0
SHA2569aa1019b12c7a3d5796fbf094e746eca972538b5a9fc4edb2bcef54b722594c9
SHA512d32c09309ca9ee599436b0dddc4528658e2ece9513d3e1169321887783f8e7067c0c8f95bde510525f76d0bf7ff98689a28c81205bde9ca5672601541d39058c
-
Filesize
6KB
MD5ce528f279a7a9a5ff1d0ae8d770f3cf2
SHA1894e20bda3506841e3db552b1db30f3f4056397d
SHA256f7e7264d0f6fa0bdf8a397aa2926b22f8cf2355e86ae613b372de67cdaa00af7
SHA512b380eea6958782e92366838b6c4ca0062830acc9e1d274ac016ef1d4f6694d0117700593f0c9aa86449babfd75514150a9d510dea8d77c40d6de98399ebd25c0
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5a9e7e88f5672cf841720f425670c7b95
SHA1b7aab8e81382f771929c875d561295a5fbb6b062
SHA256b50099b50ee6abd6ded25d2b6cc6775e5c6655bca77426eeebb73eb1475a84d4
SHA51260339cb26ca651694e1c98576b81bfd4dfd6a2e06fc9f87dd8534e12bcc8556784f216d989d669df4e980514e7c532c41935cbd96bc16f4f82b8fd9e868dcb74