Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-05-2024 03:23
Static task: static1
Behavioral task: behavioral1
  Sample: 85d903398d6034bc8feaab55ad02031d_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 85d903398d6034bc8feaab55ad02031d_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 85d903398d6034bc8feaab55ad02031d_JaffaCakes118.html
Size: 193KB
MD5: 85d903398d6034bc8feaab55ad02031d
SHA1: e02e3481f65787854bb22b4e47a49f4bf5376488
SHA256: 729c576a6acde71c8e1a65aface6681413bebd7354151e70e06a670e175e56a8
SHA512: 9b258a2ddee013c7fe8e09811d9077e6f590fbcf7ec5e32a0e4c7dfdfd018a24a52f20d7bd77511bd8641f40ef4e81eda37fc76c73201b1f779ff38d9551a083
SSDEEP: 3072:SzgZkyfkMY+BES09JXAnyrZalI+Ye47uM9f7UL:SkZpsMYod+X3oI+Ye4pf7UL
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  3792  msedge.exe
  3792  msedge.exe
  5036  msedge.exe
  5036  msedge.exe
  408   msedge.exe
  408   msedge.exe
  408   msedge.exe
  408   msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  5036  msedge.exe
  5036  msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  5036  msedge.exe  (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  5036  msedge.exe  (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 5036 wrote to memory of 4040  5036  msedge.exe  83
  PID 5036 wrote to memory of 876   5036  msedge.exe  84
  PID 5036 wrote to memory of 3792  5036  msedge.exe  85
  PID 5036 wrote to memory of 2968  5036  msedge.exe  86
  (64 entries in total; repeated identical rows collapsed)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5036)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85d903398d6034bc8feaab55ad02031d_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef95246f8,0x7ffef9524708,0x7ffef9524718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,18160035836769869677,8330377625986289851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3792)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,18160035836769869677,8330377625986289851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2968)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,18160035836769869677,8330377625986289851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18160035836769869677,8330377625986289851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18160035836769869677,8330377625986289851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,18160035836769869677,8330377625986289851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4676)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2808)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads