Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/06/2024, 20:12
Static task: static1
Behavioral task: behavioral1
  Sample: 8ba3687af445ce5ffb61e66f2c39e407_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 8ba3687af445ce5ffb61e66f2c39e407_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 8ba3687af445ce5ffb61e66f2c39e407_JaffaCakes118.html
Size: 25KB
MD5: 8ba3687af445ce5ffb61e66f2c39e407
SHA1: 82ca91c14e4e797b9b29b545696702bae8a81d38
SHA256: 43e8aad2344a30abe318b16ee592f32226ae98c4033d27cf9c9b3b2df7b642fe
SHA512: 272b9032fd6c32c0786c0f832c50ab0a1869ff5a1d103257702fcd5a09de40ded357e384ef77aaec0eede5d54957155eb50bcf9338620d6bb10dbaa1746da07a
SSDEEP: 384:SIO8kz6+4vDQl78hugAQ5cTDsP/XVYrzqh+sck1iMtoJ7jSdACefcu7E6Y8XH197:SFFmQl78hugAQ5cTDsXXMe9cqGE3OF
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  4188  msedge.exe  (2 entries)
  4236  msedge.exe  (2 entries)
  2740  msedge.exe  (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  4236  msedge.exe  (2 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4236  msedge.exe  (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4236  msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4236 wrote to memory of 4436  4236  msedge.exe  83  (2 entries)
  PID 4236 wrote to memory of 1376  4236  msedge.exe  84  (40 entries)
  PID 4236 wrote to memory of 4188  4236  msedge.exe  85  (2 entries)
  PID 4236 wrote to memory of 1200  4236  msedge.exe  86  (20 entries)
Processes
- msedge.exe (PID 4236)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba3687af445ce5ffb61e66f2c39e407_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 4436), crashpad-handler
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
  - msedge.exe (PID 1376), gpu-process
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3205713002334971996,8988667504155890504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  - msedge.exe (PID 4188), utility: network.mojom.NetworkService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,3205713002334971996,8988667504155890504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1200), utility: storage.mojom.StorageService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,3205713002334971996,8988667504155890504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  - msedge.exe (PID 3140), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3205713002334971996,8988667504155890504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - msedge.exe (PID 3892), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3205713002334971996,8988667504155890504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - msedge.exe (PID 2740), gpu-process
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3205713002334971996,8988667504155890504,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3080)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 2296)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- Filesize: 5KB
  MD5: 7bc130aef80b311190176a415313e85e
  SHA1: 08bf42065ae5093f564b160b01bc3356955ae5c3
  SHA256: 1b3b6706a0ae469b4a06d6dcd57282f1b3343c5123e833db485061031b39ac75
  SHA512: d9241e04a9b13d09226aa4ab1d5ee98f62609bda70fe1f2900358917bccb65f2494ba5e2b6476fd325de6dba89810f45ecdbaf5b6867065e2adfbdc6cdfc7c36
- Filesize: 6KB
  MD5: cff0650a1046ab487a19f335a1b57bd8
  SHA1: 550528500165b952e620ab939542ac0c85356396
  SHA256: ac4c457a64983da9e851b8744b35cea204be2d86b9442cd19a00399a671708cd
  SHA512: 9b7f3affa4e88e4f7a0a5785307d67256b9743d89a4ac20120da1b20b3cf42a1e49bb06013b9edcd5bbd193c0145f1ecc4dd8475fc87fa579c6b081dee025cc1
- Filesize: 6KB
  MD5: 09ed078841ba477ea5bf49532e7e82d7
  SHA1: 1bcecc9f10929d2bcc2f66ecee48f2fd7c036f2c
  SHA256: 159a7e1e04236769b2b5d052f36192ff586fe0a9eda0b2131246a36042ec522c
  SHA512: 30b027497914364972ebcea36ad50296a509d734bd8469dcfc9f3e9f942ce9bc43953bf8f531ae6ed994c53d6b95487b661791187e8c186cac99bf573c5ecc47
- Filesize: 11KB
  MD5: 83afdf20b810391175328978133a3db8
  SHA1: 800d9b63549a79bf497152a3f41105307e096691
  SHA256: 86b3b8034639b5bc2ae5119b9118fc718692ab4e4b23c1a66009a3cd56b31c1a
  SHA512: 6ab8bf7536457df5738a80d0869a0e8289dfa38b898b322ea28e0951aa980fe45b0e4b0cacb80e62f4e04393390f0ee1e09930d4374ce206042f503223b45df6