Analysis

max time kernel: 149s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/05/2024, 13:57
Static task: static1

Behavioral task: behavioral1
  Sample: 84626f1b3bcb4c69ca7142a0df0fb6e2_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 84626f1b3bcb4c69ca7142a0df0fb6e2_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General

Target: 84626f1b3bcb4c69ca7142a0df0fb6e2_JaffaCakes118.html
Size: 332KB
MD5: 84626f1b3bcb4c69ca7142a0df0fb6e2
SHA1: fb84518002f713c58fcbf5e8602978227adbb121
SHA256: b389717209dcd81c3d93782b8118637fe3f21a39fad1972e8c741918f79dbe69
SHA512: 531591619496d944ad65d524d5f2b83f2619c40a5548d2fa25a512d3339152af16e496498856e24e0a850a2b129e275c0d31728cdd968df6666ef9210f4925fd
SSDEEP: 6144:Y8SSqxEPKXRLLnmHYd3RlwFyocHC6lKS1vFZ/:ktD38FA1lf
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process
1392   msedge.exe
1392   msedge.exe
868    msedge.exe
868    msedge.exe
4548   identity_helper.exe
4548   identity_helper.exe
3508   msedge.exe
3508   msedge.exe
3508   msedge.exe
3508   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
pid    Process
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
868    msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 868)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\84626f1b3bcb4c69ca7142a0df0fb6e2_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3744)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa445a46f8,0x7ffa445a4708,0x7ffa445a4718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4504)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1392)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2896)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3124)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4968)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1164)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2308)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3076)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4548)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4600)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4448)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2076)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4168)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3508)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16150465494836205209,14757953114966813276,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5300 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 3356)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1380)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads