Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/05/2024, 19:21
Static task: static1
Behavioral task: behavioral1
  Sample: 8812fbaa8bf7c750907a07bc8ee5ef7a_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 8812fbaa8bf7c750907a07bc8ee5ef7a_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 8812fbaa8bf7c750907a07bc8ee5ef7a_JaffaCakes118.html
Size: 18KB
MD5: 8812fbaa8bf7c750907a07bc8ee5ef7a
SHA1: 3fd7f8c31e049dededeebd1ac39238f75fb1ac11
SHA256: 6d6b18ec66822df8ae8fc7d3de711dda32ed13462ca11b26cc18bc409bb98fce
SHA512: 0d5ba19b21aa6794cf7b043b749143f535358ceb8618e167c11c4da0e49949c59f271b076633565af64016b73ca5c6abe48430966b35fa90f85a312f808650d8
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAI24ozUnjBhEe82qDB8:SIMd0I5nvHLsvENxDB8
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid / process: 3720 msedge.exe, 3720 msedge.exe, 2816 msedge.exe, 2816 msedge.exe, 1420 msedge.exe, 1420 msedge.exe, 1420 msedge.exe, 1420 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid / process: 2816 msedge.exe, 2816 msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2816)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8812fbaa8bf7c750907a07bc8ee5ef7a_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa682d46f8,0x7ffa682d4708,0x7ffa682d4718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,346012525580819730,429369551593674948,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,346012525580819730,429369551593674948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,346012525580819730,429369551593674948,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,346012525580819730,429369551593674948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,346012525580819730,429369551593674948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,346012525580819730,429369551593674948,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 5804)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 2520)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads