Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 23:09
Static task: static1
Behavioral task: behavioral1
- Sample: 8fc17a38d51c8e67a5ac0fbebe8a1773_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 8fc17a38d51c8e67a5ac0fbebe8a1773_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 8fc17a38d51c8e67a5ac0fbebe8a1773_JaffaCakes118.html
- Size: 45KB
- MD5: 8fc17a38d51c8e67a5ac0fbebe8a1773
- SHA1: 9dcd6dc9f6e1cc0da38304fc77ae256f6ad5ce69
- SHA256: dd21fe6c09fc7949745450867d11f1f2cacd239b7881ecbc428f969e1cc73783
- SHA512: d931f839703a42b222fcdd870bb6c377c9b25aeb412610962e5d64504ccec29fd4e8ea412a959908241a572a14382dcecbcb2d718b3af217f2e01a4acd86440a
- SSDEEP: 384:STH16T116TJtSqCDxPiAZMTaiAZM/c9LRqm1LUzuTWrsd0rsd0SI1a901a9m1a9t:S5Yct/2Xv19Bqu4YMvcJ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  PID 1112 msedge.exe (2 events), PID 1712 msedge.exe (2 events), PID 4896 msedge.exe (4 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID 1712 msedge.exe (2 events)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 1712 msedge.exe (all 25 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 1712 msedge.exe (all 24 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events originate from PID 1712 msedge.exe and are repeats of four parent-to-child writes:
  PID 1712 msedge.exe wrote to memory of 2640 (procid_target 82)
  PID 1712 msedge.exe wrote to memory of 2004 (procid_target 83)
  PID 1712 msedge.exe wrote to memory of 1112 (procid_target 84)
  PID 1712 msedge.exe wrote to memory of 2164 (procid_target 85)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fc17a38d51c8e67a5ac0fbebe8a1773_JaffaCakes118.html
  PID: 1712
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdad846f8,0x7ffcdad84708,0x7ffcdad84718
    PID: 2640
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9712510602356541361,16026239937523875909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
    PID: 2004
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,9712510602356541361,16026239937523875909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    PID: 1112
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,9712510602356541361,16026239937523875909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
    PID: 2164
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9712510602356541361,16026239937523875909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 828
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9712510602356541361,16026239937523875909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    PID: 4404
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9712510602356541361,16026239937523875909,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
    PID: 4896
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4792
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2352
Network
MITRE ATT&CK Enterprise v15
Downloads