Analysis
-
max time kernel
145s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system -
submitted
01/06/2024, 18:25
Static task
static1
Behavioral task
behavioral1
Sample
8b5b093388773fc3c5f125a7536992fc_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8b5b093388773fc3c5f125a7536992fc_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8b5b093388773fc3c5f125a7536992fc_JaffaCakes118.html
-
Size
38KB
-
MD5
8b5b093388773fc3c5f125a7536992fc
-
SHA1
ce4c2f3669d48e504cb24cf4bf80d0214bf25e70
-
SHA256
f6e9c910a9aa0ea51e029388c339c59f776cade731243ac33e3b1d484c7190bf
-
SHA512
1f99c338acdcfc3f48e8a37dd8c4b34d4f94f8b01847f0ae7733a1dc6cd0cfedf901458f83544ac31544f286513c28f813e716accbcc924a2e739283c738b8f0
-
SSDEEP
384:UiSlxu5hfB9l077S+nqfAMpHj/iju1ANpU896/6ANAAnRT/kUi1girNapYY/CQnn:ULlxWxyfSbbj/Ww9tcUjEYK/Mt74ZBDo
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
2892 | msedge.exe
2892 | msedge.exe
8 | msedge.exe
8 | msedge.exe
1876 | identity_helper.exe
1876 | identity_helper.exe
1976 | msedge.exe
1976 | msedge.exe
1976 | msedge.exe
1976 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 8 wrote to memory of 3368 8 msedge.exe 82 PID 8 wrote to memory of 3368 8 msedge.exe 82 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 4516 8 msedge.exe 83 PID 8 wrote to memory of 2892 8 msedge.exe 84 PID 8 wrote to memory of 2892 8 msedge.exe 84 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85 PID 8 wrote to memory of 908 8 msedge.exe 85
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b093388773fc3c5f125a7536992fc_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 8
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc763c46f8,0x7ffc763c4708,0x7ffc763c4718
  PID: 3368
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  PID: 4516
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 2892
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  PID: 908
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  PID: 3076
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  PID: 4204
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  PID: 2468
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  PID: 2328
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  PID: 1204
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 1876
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  PID: 1592
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  PID: 3740
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  PID: 4824
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  PID: 2504
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4760 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 1976
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1804
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4584
Network
MITRE ATT&CK Enterprise v15
Downloads