Analysis
max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/05/2024, 22:24
Static task: static1
Behavioral task: behavioral1
  Sample: 888fcc6c4ad08daaaffefd5c9495f975_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 888fcc6c4ad08daaaffefd5c9495f975_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 888fcc6c4ad08daaaffefd5c9495f975_JaffaCakes118.html
Size: 13KB
MD5: 888fcc6c4ad08daaaffefd5c9495f975
SHA1: 7067c27d3069aa02a4709241411c8137f453daaa
SHA256: 82a3cbb0c1f045a07f42668fff527703c198d19d4568c58670a5be32c0be2735
SHA512: a617c5e5521874ae897158a3236e2cb1ac0410b78b5542bc49866577ab78b98be38817615acdf50d5d02e27829967ac75b36aa11e73949290b796fad92093218
SSDEEP: 384:3c6qPVfPXnu4FKFrBNfwtOeqxRXEzuEm8VjmFP7R9k:3cXNfP3+HxezuwkQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              occurrences
  3028  msedge.exe           2
  1792  msedge.exe           2
  4644  identity_helper.exe  2
  4464  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     occurrences
  1792  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     occurrences
  1792  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     occurrences
  1792  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1792 wrote to memory of 2624  1792  msedge.exe  84  (row listed twice)
  PID 1792 wrote to memory of 3532  1792  msedge.exe  85  (row repeated)
  PID 1792 wrote to memory of 3028  1792  msedge.exe  86  (row listed twice)
  PID 1792 wrote to memory of 4244  1792  msedge.exe  87  (row repeated)
  (identical rows collapsed; the report lists 64 rows in total)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\888fcc6c4ad08daaaffefd5c9495f975_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1792
  Child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffaef7f46f8,0x7ffaef7f4708,0x7ffaef7f4718
      PID: 2624
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
      PID: 3532
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID: 3028
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
      PID: 4244
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      PID: 3032
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      PID: 2848
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:8
      PID: 2808
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 4644
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
      PID: 4620
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
      PID: 1048
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      PID: 896
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
      PID: 3696
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1051568988061936535,7271191938286708541,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 4464
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2748
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3060
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Filesize: 152B
MD5: f53207a5ca2ef5c7e976cbb3cb26d870
SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Filesize: 308B
MD5: 0307db32bd11c0afe2e21f484de8f66d
SHA1: 86ba246656598b11bd4fcb127c1ebdd2f25a4dba
SHA256: 40c863104622895362d47346912e5213d9c99b39163af9f3cf4eab8574436f4c
SHA512: 5a05a8b4f777706053367ae38e3c3ab7ae7732881799d0b4d5cd86bbebd6897049112f1db025c134179ba3125c36eb52c63f94a40efd8d7dddfa19291f8035dc

Filesize: 6KB
MD5: c948e6bba9cf78e175dba9a53248f283
SHA1: 9d8a96bdfaacd5dd59bbed2037af8f98d3f257e5
SHA256: 48ba3c28699c57ded4a29572b59989966034bb1c223bdf59672f5bb775e38484
SHA512: b28cecf19ed978ad24cf63f7a4d4a5ace172863370a071559c6260811ffe3d92a571f9a86e0cdf8159cb2363865bdc480fb39a4f9dc7b9c4c0b93768e0f797cd

Filesize: 6KB
MD5: 4ef0e0a484b5d3dce6e1da8d33f728df
SHA1: b2e6f1ac70d55821dcf5e74310ee7a783fc832c0
SHA256: f833b8dd2e3ae43b7d17cf78bf9781499b614be88c6c12a1d23d18ae6e03adaf
SHA512: a3cfa9859427bac21b95a7fb32c836c3e10b56b4b177a7ae850428594ccaa28b1b9fd1ffba498e2f2d0900d247ffbc60a869fdbab14460144397116b47a7cebe

Filesize: 6KB
MD5: f530727fffb3e79573dc6bfbc6e148af
SHA1: 630e885a6b2b39efc5640bfff869a41e1d2d79ef
SHA256: c34305da66508f07d0a87a9124736630c4d198cd90fa6551200abad6f6e5f20e
SHA512: 2d1b5e34299935038d213159931b0f6380e633d978db691cf309c1aa81e124568953fed264fe40bd1f1466adecb6211066a279153d66ae013ca3a4f23b1590c0

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: fc03380fdc863f21a20c7a90f3100896
SHA1: 02c7da1b1ce4db019981d2542b2d46d61737f0c5
SHA256: 61a498a2892032988b5be03509750ab4d29f0ad5152bbc4fa2bd4db7742dde26
SHA512: 26e9e60f79d81f1fc973a3999fc13cab05e9eff38750388cd8e1586e4a983eda4bf3b8d1e5337e217e54bae509cd175340ef19c290a3e921677b81eb2361bd67