Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 01/06/2024, 20:11

Static task: static1
Behavioral task: behavioral1
  Sample: 8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html
Size: 89KB
MD5: 8ba290fadcb88ff82a0cbbcd07e633c6
SHA1: 713bc00059351b41b52bea1ca666eece5ded3ab8
SHA256: 988ad09b79e71861c7b80f1f4ed8c11d83569c3629c1dfdaab11f0ca87dc3ceb
SHA512: 45f5dc7fb13befc8506a7c5bdcb6b50dd379af2e65359b603dca08c2c1522e97899037cccc7bf5f2ac3098c3a828f83056bc2298f0d568a414707aaa80b6d8a7
SSDEEP: 1536:sTRj+AhyJroz1LQFXjX3dBvBjKgE3teymBHcsa+ZzJIdE/OJyz2jlMaacjGupXR+:sToAhyJrot4PJmgoMZEczq8gYt9
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process     events
  2864  msedge.exe  2
  1396  msedge.exe  2
  1060  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     events
  1396  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     events
  1396  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     events
  1396  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1396 wrote to memory of 3168  1396  msedge.exe  81
  PID 1396 wrote to memory of 4472  1396  msedge.exe  82
  PID 1396 wrote to memory of 2864  1396  msedge.exe  83
  PID 1396 wrote to memory of 4024  1396  msedge.exe  84
  (64 write events in total; every event repeats one of the four rows above)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1396)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3168)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb2aa46f8,0x7ffbb2aa4708,0x7ffbb2aa4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4472)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2864)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4024)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1688)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2348)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2452)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4516)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3240)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4628)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1060)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 4884)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3128)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads