Analysis

max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/05/2024, 15:30
Static task: static1

Behavioral task: behavioral1
  Sample: 877c1eff0406f3aa3fc14c8293ab9f83_JaffaCakes118.html
  Resource: win7-20240419-en

Behavioral task: behavioral2
  Sample: 877c1eff0406f3aa3fc14c8293ab9f83_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 877c1eff0406f3aa3fc14c8293ab9f83_JaffaCakes118.html
Size: 4KB
MD5: 877c1eff0406f3aa3fc14c8293ab9f83
SHA1: cdc7bf00e2c3dc94408ac97593377be4fb95cdd1
SHA256: 9ab7cebd7ad2bf013d90e3851ee8d49622e3c9347cc0037abd36f4bc592c0773
SHA512: 0bad08e21c5b803f5bdec38463c951bbe97d7c63c244d3a4b435a0f836c2fea5a6fc4a496e7e642773d2d196ae0693d661a0b14ce7983d1142c895d2ae638640
SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8opJqoO0d:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDM
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  4692  msedge.exe (2 hits)
  228   msedge.exe (2 hits)
  5000  identity_helper.exe (2 hits)
  1028  msedge.exe (4 hits)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process
  228   msedge.exe (6 hits)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  228   msedge.exe (25 hits)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  228   msedge.exe (24 hits)

Suspicious use of WriteProcessMemory (64 IoCs; the report emits one row per call, repeated rows collapsed here)
  description                       pid  process     procid_target
  PID 228 wrote to memory of 1072   228  msedge.exe  83
  PID 228 wrote to memory of 3736   228  msedge.exe  84
  PID 228 wrote to memory of 4692   228  msedge.exe  85
  PID 228 wrote to memory of 2008   228  msedge.exe  86

  Note: all four target PIDs (1072, 3736, 4692, 2008) appear in the process tree below as direct children of PID 228, the msedge.exe browser process that opened the sample; no write targets a process outside that tree.
Processes

PID 228  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877c1eff0406f3aa3fc14c8293ab9f83_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    PID 1072  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb649446f8,0x7ffb64944708,0x7ffb64944718

    PID 3736  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2

    PID 4692  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    PID 2008  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

    PID 720  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

    PID 4988  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

    PID 3836  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8

    PID 5000  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 2276  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

    PID 4936  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

    PID 3688  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

    PID 3908  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

    PID 1028  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6948554249224036789,5096196198147527199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

PID 676  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4720  C:\Windows\System32\CompPkgSrv.exe -Embedding
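The WriteProcessMemory signature and the process tree above, worked into a small triage script. This is an added example, not part of the sandbox report and not the sandbox's own logic: the PIDs, image paths and command-line flags are transcribed from the report (command lines trimmed to the flags the script inspects), WRITE_ROWS is a representative subset of the 64 rows in the report's own row format, and the classification buckets (a parent bootstrapping its own child of the same image versus a write into an unrelated process) are my heuristics.

```python
"""Triage of a sandbox process tree against its WriteProcessMemory IoCs.

Added example for this page; not part of the sandbox report, and the
classification rules are the author's own heuristics, not the sandbox's.
PIDs, image paths and flags are transcribed from the report's Processes and
Signatures sections; command lines are trimmed to the flags used here.
"""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# (depth, pid, command line). Depth is the tree level the report prints:
# 1 = top level, 2 = child of the nearest preceding level-1 entry.
PROCESS_TREE = [
    (1, 228,  f'"{EDGE}\\msedge.exe" --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\877c1eff0406f3aa3fc14c8293ab9f83_JaffaCakes118.html'),
    (2, 1072, f'"{EDGE}\\msedge.exe" --type=crashpad-handler'),
    (2, 3736, f'"{EDGE}\\msedge.exe" --type=gpu-process'),
    (2, 4692, f'"{EDGE}\\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (2, 2008, f'"{EDGE}\\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (2, 720,  f'"{EDGE}\\msedge.exe" --type=renderer --renderer-client-id=6'),
    (2, 4988, f'"{EDGE}\\msedge.exe" --type=renderer --renderer-client-id=5'),
    (2, 3836, f'"{EDGE}\\92.0.902.67\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    (2, 5000, f'"{EDGE}\\92.0.902.67\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    (2, 2276, f'"{EDGE}\\msedge.exe" --type=renderer --renderer-client-id=8'),
    (2, 4936, f'"{EDGE}\\msedge.exe" --type=renderer --instant-process --renderer-client-id=9'),
    (2, 3688, f'"{EDGE}\\msedge.exe" --type=renderer --renderer-client-id=10'),
    (2, 3908, f'"{EDGE}\\msedge.exe" --type=renderer --instant-process --renderer-client-id=11'),
    (2, 1028, f'"{EDGE}\\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled'),
    (1, 676,  r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    (1, 4720, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# Rows in the report's "Suspicious use of WriteProcessMemory" format. A
# representative subset of the 64 rows; the report emits one row per call.
WRITE_ROWS = """
PID 228 wrote to memory of 1072 228 msedge.exe 83
PID 228 wrote to memory of 1072 228 msedge.exe 83
PID 228 wrote to memory of 3736 228 msedge.exe 84
PID 228 wrote to memory of 3736 228 msedge.exe 84
PID 228 wrote to memory of 3736 228 msedge.exe 84
PID 228 wrote to memory of 4692 228 msedge.exe 85
PID 228 wrote to memory of 4692 228 msedge.exe 85
PID 228 wrote to memory of 2008 228 msedge.exe 86
PID 228 wrote to memory of 2008 228 msedge.exe 86
PID 228 wrote to memory of 2008 228 msedge.exe 86
"""

# writer pid, target pid, writer pid again, writer image, procid_target
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def image_name(cmdline):
    """Lower-cased basename of the executable from a quoted or bare command line."""
    exe = cmdline[1:cmdline.index('"', 1)] if cmdline.startswith('"') else cmdline.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()


def chromium_type(cmdline):
    """Value of --type= (renderer, gpu-process, utility, ...) or None if absent."""
    m = re.search(r"--type=(\S+)", cmdline)
    return m.group(1) if m else None


def parent_map(tree):
    """Recover parent PIDs from the depth numbers: a depth-n entry hangs off the
    nearest preceding depth-(n-1) entry. Top-level entries map to None."""
    parents, last_at_depth = {}, {}
    for depth, pid, _ in tree:
        parents[pid] = last_at_depth.get(depth - 1)
        last_at_depth[depth] = pid
        for deeper in [d for d in last_at_depth if d > depth]:
            del last_at_depth[deeper]          # a shallower entry closes deeper branches
    return parents


def parse_write_rows(text):
    """(writer, target, writer_image) per row. Rows whose repeated writer PID
    disagrees are treated as garbled and dropped rather than guessed at."""
    rows = []
    for m in ROW_RE.finditer(text):
        writer, target, writer_again, image, _procid = m.groups()
        if writer == writer_again:
            rows.append((int(writer), int(target), image.lower()))
    return rows


def classify_write(writer, target, tree):
    """Shape of a cross-process write, judged from the process tree alone."""
    parents = parent_map(tree)
    images = {pid: image_name(cmd) for _, pid, cmd in tree}
    if target not in images or writer not in images:
        return "not-in-tree"               # a process the sandbox never saw start
    if parents[target] == writer and images[target] == images[writer]:
        return "own-child-same-image"      # Chromium browser process bootstrapping a child it spawned
    if parents[target] == writer:
        return "own-child-other-image"     # parent writing into a child running a different binary
    return "unrelated-process"             # the classic injection shape: review first


def triage(tree, rows_text):
    """{classification: {target_pid: number_of_rows}} over every write row."""
    by_class = {}
    for writer, target, _ in parse_write_rows(rows_text):
        by_class.setdefault(classify_write(writer, target, tree), Counter())[target] += 1
    return {cls: dict(counts) for cls, counts in by_class.items()}


def unsandboxed(tree):
    """PIDs whose command line explicitly switches a Chromium sandbox off."""
    return sorted(pid for _, pid, cmd in tree
                  if "--service-sandbox-type=none" in cmd or "--disable-gpu-sandbox" in cmd)


if __name__ == "__main__":
    for cls, counts in triage(PROCESS_TREE, WRITE_ROWS).items():
        print(cls, counts)
    print("children running without a Chromium sandbox:", unsandboxed(PROCESS_TREE))
```

On this report every write lands in the own-child-same-image bucket (targets 1072, 3736, 4692 and 2008, all spawned by PID 228 from the same msedge.exe path), which is the shape a Chromium browser process produces when it sets up its child processes; the bucket to read first on another report is unrelated-process. The unsandboxed() helper lists the children whose flags turn a sandbox off (the network service, both identity_helper instances and the second gpu-process), which is where a renderer-escaping payload would gain the most, so those are the command lines worth a second look.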
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

- Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

- Filesize: 292B
  MD5: 57b39d6864c4d45f39f8d1aeadae10bb
  SHA1: 7a0257e71404aa1a532527f750417a9bbf352abe
  SHA256: ec4c9c40790d3a61aedd967bea43be339eef4df7871fbfcf5ddb2670ad939d6c
  SHA512: b327f7fd96b0aedbe62ddd561bc4114f5ab57e1171d9cb3c958c9d15aae833b7409f1a193dc9f71acac5996c9eb161799cd872b15fb7f05a0ede5f8d1a52e254

- Filesize: 5KB
  MD5: 474f3e89a0d5b830642297bfe2971e1e
  SHA1: 3ccb0dcd068489a61880e792e113c10b6b08b9f7
  SHA256: a7cdc6050f21ffbb5c68d2cd97fbbb24620fc42331032de08092e63b75521d16
  SHA512: 21c5a3670a6a7e1e44da2fe1903245dbd489fb42f5a4942994f2f6639fb3809b34160b53ca8230dc3eb3939163cb2c676ae58aa9c5782fd62e7659ce3e035e99

- Filesize: 6KB
  MD5: a64bd36c4356d1de381e7704e72ac242
  SHA1: 1bd4b1f649a118ccbb5b0aa87e08dab729430dbd
  SHA256: 00b32ef362085e95595a6a0efa7173cd575b03658e034ee95e8bc8eec39ed143
  SHA512: d8dca0b21490b11073d24a8c5f3e7d7b00edca1c22792b832408c868ff4eb6c30b95272872b024a0b5e5f4dec30827560031a9af95055da9fb6a6c474355660b

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: c96ef905d5a2ec4ec0dfa627baa7fe78
  SHA1: 51c42c866ed500d0b75b4eb5f25c376ae11d40df
  SHA256: 1c1a1f364816525f82628e5a93217dd2d45d21cdb9d74d5fabc533a8b8e26497
  SHA512: a9b8e9d86dc5567420d09fa848e8c628af4e9646323d4f15f99e829fb8e6f1c1d1e62b3bc0afdd3e48a0262178a214d62d736240c0242beebbdefb02a681a31b