Analysis
- max time kernel: 149s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 23:09
Static task: static1
Behavioral task: behavioral1
- Sample: 8fc1846c82f2d4517802a51c159b98f0_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 8fc1846c82f2d4517802a51c159b98f0_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 8fc1846c82f2d4517802a51c159b98f0_JaffaCakes118.html
- Size: 177KB
- MD5: 8fc1846c82f2d4517802a51c159b98f0
- SHA1: 20208b923216b44c28135043632b21c9cfe81276
- SHA256: d23fb5254af9f099ecd6f89738e51b459bcad9b0409b975901da57d3f5342f5e
- SHA512: 65d1cfd74e9aebfb32e786f0604e345da7d5fd3b099f29fc52fa090c8fefda0a1aa2e5b157e7ae73bcdfce357db85bac2f4a85d170041f3ee6cccaf48b517753
- SSDEEP: 3072:gErWyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:psMYod+X3oI+YS1tA8
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  1960 | msedge.exe (2 entries)
  4940 | msedge.exe (2 entries)
  3724 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  4940 | msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4940 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4940 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4940 wrote to memory of 3972 | 4940 | msedge.exe | 85
  PID 4940 wrote to memory of 1920 | 4940 | msedge.exe | 86
  PID 4940 wrote to memory of 1960 | 4940 | msedge.exe | 87
  PID 4940 wrote to memory of 4960 | 4940 | msedge.exe | 88
  (each distinct row above is repeated in the report; 64 entries in total)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fc1846c82f2d4517802a51c159b98f0_JaffaCakes118.html
  PID: 4940
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
    PID: 3972
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2567172886599302014,15347721156864101389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    PID: 1920
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2567172886599302014,15347721156864101389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
    PID: 1960
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2567172886599302014,15347721156864101389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
    PID: 4960
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2567172886599302014,15347721156864101389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID: 1544
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2567172886599302014,15347721156864101389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 2608
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2567172886599302014,15347721156864101389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
    PID: 3724
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2404
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1208
Network
MITRE ATT&CK Enterprise v15
Downloads