Analysis
- max time kernel: 150s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/06/2024, 20:11

Static task: static1

Behavioral task: behavioral1
  Sample: 8ba244f891f8e13b5aaf3ebddaeb6a37_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 8ba244f891f8e13b5aaf3ebddaeb6a37_JaffaCakes118.html
  Resource: win10v2004-20240426-en

General
- Target: 8ba244f891f8e13b5aaf3ebddaeb6a37_JaffaCakes118.html
- Size: 206KB
- MD5: 8ba244f891f8e13b5aaf3ebddaeb6a37
- SHA1: 99880beb8a1d70cc041c725164ad5c3223712784
- SHA256: 5a0bae48a90b16815ea379ec86f692c56608e40b8872e920e6774916cc6442fb
- SHA512: e21ffa71539c115cb2fac50b96055554777c0a0634a673d16470842ff037edba35e822f2b387cca894748ea2618952a8ec798aecc61ec22d683c8e333673f2d6
- SSDEEP: 6144:t530DH6NEQwjcHXxQRVufJc/09W4kxS5x:tuDHQmjcxQRVufJc/8x
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description         ioc                                                                     Process
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
    pid    Process
    3440   msedge.exe (2 entries)
    3216   msedge.exe (2 entries)
    4476   msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
    pid    Process
    3216   msedge.exe (3 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid    Process
    3216   msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid    Process
    3216   msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
    description                         pid    Process      procid_target
    PID 3216 wrote to memory of 3700    3216   msedge.exe   81
    PID 3216 wrote to memory of 4132    3216   msedge.exe   82
    PID 3216 wrote to memory of 3440    3216   msedge.exe   83
    PID 3216 wrote to memory of 3624    3216   msedge.exe   84
    (each distinct row above occurs repeatedly in the full 64-entry list; the four distinct target PIDs are shown once)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3216)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba244f891f8e13b5aaf3ebddaeb6a37_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f93d46f8,0x7ff8f93d4708,0x7ff8f93d4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4132)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3440)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2432)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4476)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2580)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2260)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
  SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
  SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
  SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
- Filesize: 152B
  MD5: f53207a5ca2ef5c7e976cbb3cb26d870
  SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
  SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
  SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
- Filesize: 1KB
  MD5: c3cbd5316a6f93eda446561f8c589680
  SHA1: d649871be17bdfaf8bd2bf9a86a765a81a3a1537
  SHA256: ed7f433b1c3ec8848814544caffc4d029949b29a3e94ee22173ab9db6a36c557
  SHA512: fa8f80847ab9bcd370217db1019175b5f4b1a4a9c8f721c72ef16f8d362df73ca8ff02da7c7acafb0563136abcde477c5b81a8521ea9cc55c9f2d7019e8acb12
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 5KB
  MD5: 131b4dc323ac9390a11e5746652deb6c
  SHA1: 410890575473896491c3192ec1907c57f49f3c68
  SHA256: 78642eb426e91ece24d4f6da93b8ad9449eb06c802cff1ae13c2f4fb2f8eead8
  SHA512: d922e19eabc9ad5ac4ab3639cc8d7c6b5f08c1ad13c12da821aa7001eecdf4cf5a2de6dbd371881ed27ca91d5f493e774b932d5729a94fc7bfad4376d964f901
- Filesize: 6KB
  MD5: a80f4894299a007e122052cd0cec4414
  SHA1: 6be0047e004deefe9560292c7ff6c30d9324a22f
  SHA256: e59c8d244002704ddf0f23894d8ba35a2d1bf2d557391fd64ee0843d9ae9edff
  SHA512: 066ae67feeee3d6d0f7de8262d92745990b2946b76c083480a084dca7b6f37bac9b82a2cb4f9a73ea8e69cfdec016675f10dbe49d2d76998a77320983ea8ecfb
- Filesize: 6KB
  MD5: e074ccb23fa8ae4dfd7da8b5fdcebc1c
  SHA1: cc7c46fe781824ac85d82a7e84f437b745bae796
  SHA256: 5430deb3c154546cd2c5e0a3b0d5683354f925a0bdfa879f3a0d8e1f3b95927a
  SHA512: f8ad6e5ab0efa9945df010ec9290ba50a3a9c1d2a09d62172865f16d6f19b7aac9a0fc4ed3551f7aec3e3aef8d72b00978ad5a0c293427c8f807c0530e7689b0
- Filesize: 1KB
  MD5: 50556942e55df45736c9990ae25b9440
  SHA1: e4319118d3b1b2d2ea7b104b18b9c3a2ccd21846
  SHA256: 1ea6664640641cb4e794dba1d2ee7b0a6503b8f0702ffee1f67ae638f3e145b3
  SHA512: e4a6d843b3ed19fca84118dafe1d0561ca6937626ea1776bf8fd6ad8d4c7c05870d58f20359867767b9e4f529a3c71c557ef6bbe2cc90adb1659be601fb5d58c
- Filesize: 703B
  MD5: e1ada7b7b994fd97f7371be65fea3a10
  SHA1: 70940ccc4ff78a4a4f3cdba8931e1e35d73d040e
  SHA256: ea098ec3e80ba6b2bbeb52a09b385e8a1e54024ab8988b916eca80d27e76075a
  SHA512: 43b20fa6674133da9d2ebfff057c411a1b6664e95d173c322ef49dc64d6d618f7b0daab9f9fc3260afb248cde63cfa3003dd3d11ef7c27e448ff13798a2ed797
- Filesize: 10KB
  MD5: 2d6f3f7fe9a2a19a6b9074dee4b7634d
  SHA1: daded43db6e374c799a16f8d8dd9edc208cbcd4c
  SHA256: 4a5191a7dd6197bce87f662c97e485478027b60688a386910c5549e3ea255c86
  SHA512: 79456162ecfb4ecc92460d61c1293831608c6492a9d1c8029067bd4bd65e578342fcbc2f331ef94a8f111a029715538fcf4845cfee32499fa91b89bf12e99fc4