Analysis
max time kernel: 145s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 22:30

Static task: static1

Behavioral task: behavioral1
Sample: 8fa81641f96d0b556253740941f934e6_JaffaCakes118.html
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 8fa81641f96d0b556253740941f934e6_JaffaCakes118.html
Resource: win10v2004-20240426-en
General
Target: 8fa81641f96d0b556253740941f934e6_JaffaCakes118.html
Size: 27KB
MD5: 8fa81641f96d0b556253740941f934e6
SHA1: 518c7b3a81c8ef0ad67a021fe82af07108d7c334
SHA256: 0877d11db2d88579a7cee0faf0e60cb3ece2e5d6bdaac79467fb63e99989341a
SHA512: 9991f3a978c1f9a9dda41772fcfa8660e6c90927c8e9f386940e28af39403ce16904c74ec193b9f9a16ebbdc37fdc01d57d4ac9f355dee42a0400dc972efbf99
SSDEEP: 192:uwzcb5nbanQjxn5Q/CnQiexNnwnQOkEnt6UnQTbnNnQ9exhm6ubjVQl7MBRqnYnE:6Q/SALajUS/4h
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 3396 msedge.exe (2 events), 1844 msedge.exe (2 events), 4780 identity_helper.exe (2 events), 4520 msedge.exe (4 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process: 1844 msedge.exe (6 events)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process: 1844 msedge.exe (25 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process: 1844 msedge.exe (24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
  PID 1844 (msedge.exe) wrote to memory of PID 5080 (procid_target 81), PID 4132 (procid_target 82), PID 3396 (procid_target 83) and PID 5632 (procid_target 84); the 64 events are repeated writes to these four child processes, most of them to 4132 and 5632.
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fa81641f96d0b556253740941f934e6_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 1844

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
  PID: 5080

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  PID: 4132

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 3396

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  PID: 5632

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  PID: 3568

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  PID: 1304

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  PID: 5344

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 4780

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  PID: 2176

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  PID: 2892

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  PID: 816

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  PID: 2860

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2823645616819146152,12051780223018330800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6012 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4520

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4288

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2440
Network
MITRE ATT&CK Enterprise v15
Downloads