Analysis
- max time kernel: 145s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31-05-2024 03:25

Static task: static1

Behavioral task: behavioral1
- Sample: 85d9eccb1178c8d20c6b044542d4dfc8_JaffaCakes118.html
- Resource: win7-20240215-en

Behavioral task: behavioral2
- Sample: 85d9eccb1178c8d20c6b044542d4dfc8_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 85d9eccb1178c8d20c6b044542d4dfc8_JaffaCakes118.html
- Size: 347KB
- MD5: 85d9eccb1178c8d20c6b044542d4dfc8
- SHA1: 8db526fc56eb4c315b3136468b12d515ab5b18e4
- SHA256: ed085fb3df4c6ebe513bf3e185f1f66b8098fbbe1f5074d59a3b3aa1090bfa4e
- SHA512: 18df9db8cb7ea67fde7c3e5a231fac02b84ce29eabc52aa212b76180587186e94e59dcd84a086186c4347ea635572380a8cd7f11abc39d3375157513add46df4
- SSDEEP: 6144:cRsMYod+X3oI+Yy0Q4lsMYod+X3oI+Y5sMYod+X3oI+YQ:q5d+X315d+X3f5d+X3+
Malware Config
Signatures
(Identical IoC rows are collapsed; "×N" gives how many times the row appears.)

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process
1636   msedge.exe           ×2
1220   msedge.exe           ×2
1284   identity_helper.exe  ×2
4164   msedge.exe           ×4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    Process
1220   msedge.exe           ×6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
1220   msedge.exe           ×25

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
1220   msedge.exe           ×24

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid    Process     procid_target
PID 1220 wrote to memory of 912    1220   msedge.exe  81             ×2
PID 1220 wrote to memory of 2644   1220   msedge.exe  82             ×40
PID 1220 wrote to memory of 1636   1220   msedge.exe  83             ×2
PID 1220 wrote to memory of 4700   1220   msedge.exe  84             ×20
Processes

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85d9eccb1178c8d20c6b044542d4dfc8_JaffaCakes118.html
  PID: 1220
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5e2e46f8,0x7ffd5e2e4708,0x7ffd5e2e4718
    PID: 912
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    PID: 2644
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    PID: 1636
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    PID: 4700
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    PID: 5092
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID: 4680
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    PID: 4576
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    PID: 1284
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
    PID: 3652
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    PID: 1172
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    PID: 3752
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    PID: 4348
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17034325148749231190,1865987761741150340,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
    PID: 4164
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3720

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1664
Network
MITRE ATT&CK Enterprise v15
Downloads