Analysis
  max time kernel:  145s
  max time network: 151s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240426-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        01/06/2024, 20:05
Static task: static1
Behavioral task: behavioral1
  Sample:   8b9e0f98255f8713319b490fe4594fca_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample:   8b9e0f98255f8713319b490fe4594fca_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
  Target: 8b9e0f98255f8713319b490fe4594fca_JaffaCakes118.html
  Size:   125KB
  MD5:    8b9e0f98255f8713319b490fe4594fca
  SHA1:   3d6b6ed20e20e24a74d5af99fd8b12eeb61dc03a
  SHA256: 9aa74169b5d14f7e1636931f554a2c4a61d3fededb637600cc5ec4b143ed3316
  SHA512: a18fce023c152393ad80ca316a0599e9924591c91fbadb6ccd0c4d73fa5209409a066a4a94c4cb06604e59e75be62f85effc9249d4b1685596e414930ec7dc90
  SSDEEP: 1536:StlfX+yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dl:Sv+yfkMY+BES09JXAnyrZalI+YV+w
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                  Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              rows
  380   msedge.exe           2
  3624  msedge.exe           2
  3200  identity_helper.exe  2
  1616  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process      rows
  3624  msedge.exe   6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process      rows
  3624  msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process      rows
  3624  msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 rows have the same writer (pid 3624, msedge.exe); repeated rows collapsed by target:
  description                          pid   Process     procid_target  rows
  PID 3624 wrote to memory of 3352     3624  msedge.exe  82             2
  PID 3624 wrote to memory of 3032     3624  msedge.exe  83             40
  PID 3624 wrote to memory of 380      3624  msedge.exe  84             2
  PID 3624 wrote to memory of 2240     3624  msedge.exe  85             20
Processes

msedge.exe  PID 3624  (depth 1)
  Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b9e0f98255f8713319b490fe4594fca_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe  PID 3352  (depth 2, crashpad-handler)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e0646f8,0x7ffb2e064708,0x7ffb2e064718

  msedge.exe  PID 3032  (depth 2, gpu-process)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

  msedge.exe  PID 380  (depth 2, utility: network.mojom.NetworkService)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 2240  (depth 2, utility: storage.mojom.StorageService)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

  msedge.exe  PID 3060  (depth 2, renderer, client-id 6)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  msedge.exe  PID 5108  (depth 2, renderer, client-id 5)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  identity_helper.exe  PID 3868  (depth 2, utility: winrt_app_id.mojom.WinrtAppIdService)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8

  identity_helper.exe  PID 3200  (depth 2, utility: winrt_app_id.mojom.WinrtAppIdService; same command line as PID 3868)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 2932  (depth 2, renderer, client-id 8)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

  msedge.exe  PID 4560  (depth 2, renderer, client-id 9, --instant-process)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

  msedge.exe  PID 4728  (depth 2, renderer, client-id 10)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

  msedge.exe  PID 5020  (depth 2, renderer, client-id 11, --instant-process)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

  msedge.exe  PID 1616  (depth 2, gpu-process, second instance with --disable-gpu-sandbox --use-gl=disabled)
    Image:   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,38720437180685376,4498195161874259776,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe  PID 1844  (depth 1)
  Image:   C:\Windows\System32\CompPkgSrv.exe
  Command: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe  PID 4932  (depth 1)
  Image:   C:\Windows\System32\CompPkgSrv.exe
  Command: C:\Windows\System32\CompPkgSrv.exe -Embedding
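The script below is an added triage example; it is not part of this sandbox report and not tooling from the sandbox vendor. It collapses the repeated "wrote to memory of" rows from the WriteProcessMemory signature into one entry per target, joins each target to its command line from the process list, and marks a write as expected only when the target was launched from the same image as the writer and carries a Chromium --type (crashpad-handler, gpu-process, utility, renderer). Chromium's browser process sets up each sandboxed child after creating it, so parent-to-child writes between msedge.exe processes are the baseline for any browser run; what deserves attention is a write into a process that is not a browser child. The IoC rows and process table are copied from this report (abbreviated, and with the long --gpu-preferences / --field-trial-handle values shortened to "..."); PID 9999 / notepad.exe is a synthetic control row that does not appear in the report, included only to show what the check flags.

```python
import re
from collections import Counter

# Constructed from the report's "Suspicious use of WriteProcessMemory" rows.
# The report repeats each target many times (64 rows total); this copy keeps a
# couple of rows per real target plus ONE synthetic control (target 9999) that
# is NOT in the report.
WRITE_IOCS = """\
PID 3624 wrote to memory of 3352 3624 msedge.exe 82
PID 3624 wrote to memory of 3352 3624 msedge.exe 82
PID 3624 wrote to memory of 3032 3624 msedge.exe 83
PID 3624 wrote to memory of 3032 3624 msedge.exe 83
PID 3624 wrote to memory of 380 3624 msedge.exe 84
PID 3624 wrote to memory of 2240 3624 msedge.exe 85
PID 3624 wrote to memory of 9999 3624 msedge.exe 99
"""

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"


def edge(args):
    """Build a command line for the report's Edge image."""
    return f'"{EDGE}" {args}'


# Constructed from the report's process list: pid -> (image path, command line).
# Long handle/preference values are shortened to "..."; 9999 is synthetic.
PROCESSES = {
    3624: (EDGE, edge(r"--single-argument C:\Users\Admin\AppData\Local\Temp\8b9e0f98255f8713319b490fe4594fca_JaffaCakes118.html")),
    3352: (EDGE, edge('--type=crashpad-handler "--user-data-dir=..." /prefetch:7')),
    3032: (EDGE, edge("--type=gpu-process --field-trial-handle=... --gpu-preferences=... /prefetch:2")),
    380:  (EDGE, edge("--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3")),
    2240: (EDGE, edge("--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8")),
    # Synthetic control, not in the report: a write into a non-browser process.
    9999: (r"C:\Windows\System32\notepad.exe", r"C:\Windows\System32\notepad.exe"),
}

# Row layout in the report: "<description> <pid> <Process> <procid_target>"
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Child process roles Chromium passes on the command line.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}


def parse_write_iocs(text):
    """Collapse repeated IoC rows into {(writer_pid, target_pid): row_count}."""
    counts = Counter()
    for line in text.splitlines():
        m = WRITE_RE.match(line.strip())
        if not m:
            continue  # skip headers / blank lines
        writer, target = int(m.group(1)), int(m.group(2))
        counts[(writer, target)] += 1
    return counts


def child_type(cmdline):
    """Return the Chromium --type of a command line, or None for the browser process."""
    m = re.search(r"--type=([\w-]+)", cmdline)
    return m.group(1) if m else None


def triage_writes(counts, processes):
    """One dict per (writer, target) pair: 'expected' when the target is a
    Chromium child started from the writer's own image, otherwise 'review'."""
    rows = []
    for (writer, target), n in sorted(counts.items()):
        w_image, _ = processes[writer]
        t_image, t_cmd = processes.get(target, ("<unknown>", ""))
        ctype = child_type(t_cmd)
        same_image = w_image.lower() == t_image.lower()
        verdict = "expected" if same_image and ctype in CHROMIUM_CHILD_TYPES else "review"
        rows.append({"writer": writer, "target": target, "writes": n,
                     "target_type": ctype, "same_image": same_image, "verdict": verdict})
    return rows


def flagged(rows):
    """Target PIDs that need a human look."""
    return [r["target"] for r in rows if r["verdict"] == "review"]


if __name__ == "__main__":
    for r in triage_writes(parse_write_iocs(WRITE_IOCS), PROCESSES):
        print(f"{r['writer']} -> {r['target']:<5} x{r['writes']:<3} "
              f"type={str(r['target_type']):<16} same_image={r['same_image']!s:<5} {r['verdict']}")
```

Run against this report's rows, every real target (3352, 3032, 380, 2240) comes back "expected" and only the synthetic notepad.exe row is flagged. "Expected" here means consistent with normal Chromium child spawning, not that the page is harmless: a renderer exploit would produce exactly the same process tree, so this check only removes the WriteProcessMemory noise and should be read together with the Network and Downloads sections.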
Network
MITRE ATT&CK Enterprise v15
Downloads

  Filesize: 152B
  MD5:      2daa93382bba07cbc40af372d30ec576
  SHA1:     c5e709dc3e2e4df2ff841fbde3e30170e7428a94
  SHA256:   1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
  SHA512:   65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

  Filesize: 152B
  MD5:      ecdc2754d7d2ae862272153aa9b9ca6e
  SHA1:     c19bed1c6e1c998b9fa93298639ad7961339147d
  SHA256:   a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
  SHA512:   cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

  Filesize: 111B
  MD5:      807419ca9a4734feaf8d8563a003b048
  SHA1:     a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256:   aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512:   f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

  Filesize: 5KB
  MD5:      53e710d9c14fe0bc31959dd7ad0b9484
  SHA1:     b121b233bc73757ff06e272671ba1df6ef3b6a97
  SHA256:   41e4edb5fb84d3a07379deb04795cd12f55886112551bd3db923a63c41ebaadd
  SHA512:   b1ea7f1ed258227885b072f7f82e09496a19c6ed2430e1c3331006dd6b92b74c2c039a281afabc989c43e7b05312b6ef700634484ec1c0e6831a05a61d60377b

  Filesize: 6KB
  MD5:      c567c1b7195f9b7e05c1d6208b1ad8f2
  SHA1:     c7cf0c290f2dfc5434df30eb8735d3fc5ace8881
  SHA256:   c5d8a458a1eadc5ad55d217ab7b04d05f123c6ad5301b317cb49206564c8ea57
  SHA512:   b632f8cfa3431a6e72331646a714fe68683b36801c4fcf50eced7c2a945e2d1cbb872fda137120973aa7dfbef5c432ff6b7cec1ee17ee78ac8219070f5a06309

  Filesize: 6KB
  MD5:      5a04ba737080c3c397d55ef04da04bad
  SHA1:     2be7d29569d6785787bf13af7eb4574d9313fb4d
  SHA256:   59f0da085f3c2750e6954582ad29cb96b7087ad17012121400597ed88e3fd67c
  SHA512:   02616f541b9b8338e8d3da2c053f56686dd10d9ef84fc1746943baa9a312ed902a6ee5c9ef7bcb106920ae3b820c501671985bd5454e129fe5b45e3459301592

  Filesize: 6KB
  MD5:      28f6cde530518eac571e6592f6ed1676
  SHA1:     45576d135effb859349d0215822625154404a8bb
  SHA256:   32c3f8b59af146be327d9423be679a0a057194bfe948c78de81a6f0c5782fb8a
  SHA512:   7b6a658ace3d51c1af4c1397b611757f00a5ecbacbc209ebaf3977b80e8495f14a978359d227f1f76e27c4e5348d3fa7542c26cd49a464870e9995c6d2fa59ee

  Filesize: 16B
  MD5:      6752a1d65b201c13b62ea44016eb221f
  SHA1:     58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256:   0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512:   9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  Filesize: 10KB
  MD5:      b5bf0d25de7257db71dbe4749fc2ef39
  SHA1:     9b817f8ff7cca8c07c3846a4a7a1d337fa5bcfd2
  SHA256:   2799135e704d7578f1f0f10246236fc039e5330b58c33224b301e8412c7a97e0
  SHA512:   de7764642c715832a4e3832878a09c8be08f6f1d6511485fd070474036dc96718ac88c3f149f7e65d99c0a62ea4eeb5abffcf40230fe8d83381116683c6083be