Analysis

- max time kernel: 120s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/06/2024, 20:04
Static task: static1

Behavioral task: behavioral1
- Sample: 8b9d0f02e8e0cf9f49ac79dce10673c9_JaffaCakes118.html
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 8b9d0f02e8e0cf9f49ac79dce10673c9_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General

- Target: 8b9d0f02e8e0cf9f49ac79dce10673c9_JaffaCakes118.html
- Size: 84KB
- MD5: 8b9d0f02e8e0cf9f49ac79dce10673c9
- SHA1: 60f1490c8e6a5d2556e37b407d34f1e54bc75e60
- SHA256: bd2eae27b807ad7addd5b521a33633dbc44ca37c1f426bb6866b59f451edd1c3
- SHA512: fdc63d12aab5b1380c3898924f63f4a957e2c39dae9e9b7155cf60097aef746e9ca4c56cb018d8a6ad2fd63aedd3b1a7472224ee0b71aa1efeffb1cc6050c984
- SSDEEP: 1536:Z9BcYzpq8rXArR6IGM2pR0MvNuyefwM2xIT2vGOgSVv7XOfWd:WYz2rR+M2pRhuhwM2xIT2vGOgSVv7XO2
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                    | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe

- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  216 | msedge.exe (2 entries)
  316 | msedge.exe (2 entries)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  316 | msedge.exe (2 entries)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  316 | msedge.exe (25 entries)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  316 | msedge.exe (24 entries)

- Suspicious use of WriteProcessMemory (64 IoCs; the report lists each row once per write, the four distinct rows are collapsed here)
  description                      | pid | Process    | procid_target
  PID 316 wrote to memory of 1096  | 316 | msedge.exe | 82 (2 entries)
  PID 316 wrote to memory of 3572  | 316 | msedge.exe | 83 (repeated)
  PID 316 wrote to memory of 216   | 316 | msedge.exe | 84 (2 entries)
  PID 316 wrote to memory of 3632  | 316 | msedge.exe | 85 (repeated)

Reading note: every signature in this run fires on msedge.exe, the browser launched to open the HTML sample, not on a process the sample spawned. The BIOS SystemManufacturer/SystemProductName reads are done by the browser process itself, and the four WriteProcessMemory targets (1096, 3572, 216, 3632) are the crashpad-handler, gpu-process, network-service and storage-service children of PID 316 listed under Processes, i.e. the top-level browser writing into workers it spawned. On their own these hits therefore describe Edge's normal process setup rather than behaviour attributable to the sample.
Processes

- PID 316 (top level): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b9d0f02e8e0cf9f49ac79dce10673c9_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of PID 316:
  - PID 1096: msedge.exe (--type=crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff05446f8,0x7ffff0544708,0x7ffff0544718
  - PID 3572: msedge.exe (--type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  - PID 216: msedge.exe (--type=utility, network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3632: msedge.exe (--type=utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  - PID 912: msedge.exe (--type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  - PID 852: msedge.exe (--type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - PID 2236: msedge.exe (--type=gpu-process, second instance, started with --disable-gpu-sandbox --use-gl=disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 /prefetch:2

- PID 724 (top level): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- PID 4988 (top level): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
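Added example, not part of the sandbox report: a small Python triage helper that parses the flattened "Suspicious use of WriteProcessMemory" rows in the form this report prints them, resolves each target PID against the process tree, and separates writes into a process's own children (expected when a Chromium-based browser such as Edge sets up the workers it spawns) from writes into unrelated processes, which is the case worth escalating. The process tree and the sample rows are transcribed from this report; the row text is truncated to five of the 64 entries, and the CompPkgSrv.exe write mentioned in the usage note is a constructed row that does not occur in the report.

```python
"""Triage helper for flattened sandbox WriteProcessMemory IoC rows.

Example code added alongside the report; the PIDs, images and roles below are
transcribed from the report's Processes section, not produced by the sandbox.
"""
import re
from collections import Counter

# pid -> (image, parent pid). Depth-1 processes have no recorded parent; every
# --type=... worker in the report is a child of the top-level browser, PID 316.
PROCESS_TREE = {
    316:  ("msedge.exe", None),      # top-level browser, opened the .html sample
    1096: ("msedge.exe", 316),       # --type=crashpad-handler
    3572: ("msedge.exe", 316),       # --type=gpu-process
    216:  ("msedge.exe", 316),       # --type=utility network.mojom.NetworkService
    3632: ("msedge.exe", 316),       # --type=utility storage.mojom.StorageService
    912:  ("msedge.exe", 316),       # --type=renderer
    852:  ("msedge.exe", 316),       # --type=renderer
    2236: ("msedge.exe", 316),       # --type=gpu-process (second instance)
    724:  ("CompPkgSrv.exe", None),  # top-level, -Embedding
    4988: ("CompPkgSrv.exe", None),  # top-level, -Embedding
}

# First rows exactly as the report flattens them (truncated; the report has 64).
WPM_IOCS = (
    "PID 316 wrote to memory of 1096 316 msedge.exe 82 "
    "PID 316 wrote to memory of 1096 316 msedge.exe 82 "
    "PID 316 wrote to memory of 3572 316 msedge.exe 83 "
    "PID 316 wrote to memory of 216 316 msedge.exe 84 "
    "PID 316 wrote to memory of 3632 316 msedge.exe 85"
)

# description | pid | Process | procid_target, run together by the page layout
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Return (writer_pid, target_pid, image, procid_target) per row."""
    rows = []
    for m in ROW.finditer(text):
        writer, target, pid_column, image, procid_target = m.groups()
        # The 'pid' column repeats the writer; a mismatch means the regex
        # drifted across row boundaries, so fail loudly instead of guessing.
        if writer != pid_column:
            raise ValueError(f"inconsistent row: {m.group(0)!r}")
        rows.append((int(writer), int(target), image, int(procid_target)))
    return rows


def classify_writes(rows, tree):
    """Split writes into parent->child and cross-process buckets.

    Returns two Counters keyed by (writer_pid, target_pid). A target that is
    absent from the tree is treated as cross-process, because the report then
    gives no relationship that would explain the write.
    """
    child_writes, cross_writes = Counter(), Counter()
    for writer, target, _image, _procid_target in rows:
        parent = tree.get(target, (None, None))[1]
        bucket = child_writes if parent == writer else cross_writes
        bucket[(writer, target)] += 1
    return child_writes, cross_writes


def triage(text=WPM_IOCS, tree=PROCESS_TREE):
    """Return (summary lines, escalate?) for a flattened IoC block."""
    child_writes, cross_writes = classify_writes(parse_wpm(text), tree)
    lines = [
        f"{w} -> {t} ({tree[t][0]}, own child): {n} write(s)"
        for (w, t), n in sorted(child_writes.items())
    ]
    lines += [
        f"{w} -> {t}: {n} write(s) into a process that is NOT a child of {w}"
        for (w, t), n in sorted(cross_writes.items())
    ]
    return lines, bool(cross_writes)


if __name__ == "__main__":
    summary, escalate = triage()
    print("\n".join(summary))
    print("escalate:", escalate)
```

Run against the report's rows, triage() returns one line per child target and escalate=False. Appending a constructed row such as `PID 316 wrote to memory of 724 316 msedge.exe 90` (not in this report) makes it flag a write into CompPkgSrv.exe, which is not a child of 316, so the same helper separates the browser's own process setup from the cross-process pattern that would actually merit a closer look.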
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 4f7152bc5a1a715ef481e37d1c791959
  SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
  SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
  SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

- Filesize: 152B
  MD5: ea98e583ad99df195d29aa066204ab56
  SHA1: f89398664af0179641aa0138b337097b617cb2db
  SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
  SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

- Filesize: 5KB
  MD5: 7a044341d8ab589470616a01acd61dec
  SHA1: 511a1d031ae5e36a77fa833bcbeb8c727eb29629
  SHA256: aff5c110dc74fdce8b64e675c1163418e15bde77e7128a11a2b6ee9fb06fb7d1
  SHA512: a927cfe517005fa56e8f7ab8e69ffc177a5820de3a4d4d8c07855adfc3ef12dbe1d5ca560be133b292a1572e8c3a1d091c2d226d796dc0f5cb65d09129937c05

- Filesize: 6KB
  MD5: 32b4d40b817719c4a59bfc6bbfa81dab
  SHA1: 8d62cd4ef42191511e83e9b402bf90b28a0800d9
  SHA256: a684ced7ccedbb1478cfc92b8b15012555f9a24c63473664ac2f2ac5ee65852c
  SHA512: 06f769dd9f6cbe5548f69c848b144af3c3623b060472cbf48aacc37c6941ff6266340ba214b7754581928108111992d0986e1aa73dbfc7080cbbf9c0585dbdec

- Filesize: 10KB
  MD5: b4577f66a725cdea169abaf914522aba
  SHA1: a3050fb3efc9a4cf9dddcbba46e27de8cb3bcd29
  SHA256: 143e17d1360ab2768b359fb022e31fa9ad0ce7dc60d2fce956501f5c98334e6b
  SHA512: 31c83ba6fed3d2576d1cbae23118db4ba2b8265e5ecdedda432d473b9ec93b9f370103f7b24de639e214aea2f5e540e3c0d30be74d300f1cc232fb088f2b4926