Analysis
max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
02/06/2024, 22:35
Static task
static1
Behavioral task
behavioral1
Sample
8fac5b16b502573cffce51815d78babf_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8fac5b16b502573cffce51815d78babf_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
Target
8fac5b16b502573cffce51815d78babf_JaffaCakes118.html
Size
354KB
MD5
8fac5b16b502573cffce51815d78babf
SHA1
ddd9db54274c74355ffff8fa1d03ad50c8111a01
SHA256
0a44ee0c39461bfe84fbb094c0d195ffcc9903d98aa207f645ddbc27c337bf85
SHA512
d7eeb1251c06e3e847ba92805d65acc275db7d71bd2d2a5f94277a1b9c22ccd90efa118b62d7f5bc393d42d3ef51a70ff033d40c1054a0a6b8266a960c58cd51
SSDEEP
3072:M3SOxooaqFsadqxlXF3WSXFKmcK/hRdNi:M3SOxojFpFi
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process | hits
4340 | msedge.exe | 2
2440 | msedge.exe | 2
3796 | identity_helper.exe | 2
4036 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
pid | Process | hits
2440 | msedge.exe | 8

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | hits
2440 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | hits
2440 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2440 wrote to memory of 3248 | 2440 | msedge.exe | 84
PID 2440 wrote to memory of 4596 | 2440 | msedge.exe | 85
PID 2440 wrote to memory of 4340 | 2440 | msedge.exe | 86
PID 2440 wrote to memory of 4728 | 2440 | msedge.exe | 87
(one row per distinct writer/target pair; the report lists every individual write call, 64 in total, most of them against 4596 and 4728)
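Every signature on this page is raised by msedge.exe or its helper identity_helper.exe. The four WriteProcessMemory targets (3248, 4596, 4340, 4728) are the crashpad handler, GPU process, network service and storage service that browser process 2440 spawns in the process tree below, and the BIOS registry reads come from that same browser process. A quick triage check for this kind of report is therefore to confirm that every cross-process write goes from a process into its own freshly spawned child of the same image, which is what the browser does when it sets up sandboxed children, and to flag anything else. The script below is an added example, not part of the sandbox report or of any sandbox vendor's tooling. The IoC rows are constructed from the table above, the process table is built by hand from the Processes section, and the parent relationships encode the assumption that each depth-2 entry in that tree is a child of PID 2440; top-level entries are given no parent because the page does not name one.

```python
import re
from collections import Counter

# One row of the report's "Suspicious use of WriteProcessMemory" table:
# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Sample rows constructed from the report above. The report repeats a row once per
# write call; only a few of the repeats are reproduced here.
WRITE_IOCS = """
PID 2440 wrote to memory of 3248 2440 msedge.exe 84
PID 2440 wrote to memory of 3248 2440 msedge.exe 84
PID 2440 wrote to memory of 4596 2440 msedge.exe 85
PID 2440 wrote to memory of 4596 2440 msedge.exe 85
PID 2440 wrote to memory of 4596 2440 msedge.exe 85
PID 2440 wrote to memory of 4340 2440 msedge.exe 86
PID 2440 wrote to memory of 4728 2440 msedge.exe 87
PID 2440 wrote to memory of 4728 2440 msedge.exe 87
"""

# Subset of the process tree, built by hand from the Processes section:
# pid -> (image basename, parent pid). Parent links are an assumption taken from
# the tree depth; depth-1 entries get None because the page names no parent.
PROCESSES = {
    2440: ("msedge.exe", None),            # browser process opening the .html
    3248: ("msedge.exe", 2440),            # --type=crashpad-handler
    4596: ("msedge.exe", 2440),            # --type=gpu-process
    4340: ("msedge.exe", 2440),            # network.mojom.NetworkService
    4728: ("msedge.exe", 2440),            # storage.mojom.StorageService
    1400: ("msedge.exe", 2440),            # --type=renderer
    3796: ("identity_helper.exe", 2440),   # winrt_app_id.mojom.WinrtAppIdService
    3976: ("CompPkgSrv.exe", None),        # top-level COM server, not spawned by Edge
}

OWN_CHILD = "writer's own child, same image"
OWN_CHILD_OTHER = "writer's own child, different image"
FOREIGN = "foreign process"
UNKNOWN = "target not in process tree"


def parse_write_iocs(text):
    """Parse the flattened IoC rows into distinct (writer_pid, target_pid, writer_image)
    edges, dropping the per-call repeats the sandbox emits."""
    edges = []
    for m in IOC_RE.finditer(text):
        edge = (int(m.group(1)), int(m.group(2)), m.group(4))
        if edge not in edges:
            edges.append(edge)
    return edges


def classify_writes(edges, processes):
    """Label each cross-process write by how the target relates to the writer."""
    labels = {}
    for writer, target, writer_image in edges:
        entry = processes.get(target)
        if entry is None:
            labels[(writer, target)] = UNKNOWN
            continue
        image, parent = entry
        if parent != writer:
            labels[(writer, target)] = FOREIGN
        elif image.lower() == writer_image.lower():
            labels[(writer, target)] = OWN_CHILD
        else:
            labels[(writer, target)] = OWN_CHILD_OTHER
    return labels


def needs_attention(labels):
    """Edges that are not a process writing into its own child of the same image,
    i.e. anything outside the browser-spawning-its-sandboxed-children pattern."""
    return sorted(edge for edge, label in labels.items() if label != OWN_CHILD)


if __name__ == "__main__":
    edges = parse_write_iocs(WRITE_IOCS)
    labels = classify_writes(edges, PROCESSES)
    print(Counter(labels.values()))
    for edge in needs_attention(labels):
        print("review:", edge, labels[edge])
```

For this report all four edges classify as the writer's own child with the same image and `needs_attention` returns nothing; a write from msedge.exe into CompPkgSrv.exe, or into a PID that does not appear in the tree, would be reported for review. The check only uses what the sandbox page exposes (PIDs, images and tree depth), so it is a filter for obvious browser noise, not evidence that the HTML itself is clean.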
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fac5b16b502573cffce51815d78babf_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2440

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9924846f8,0x7ff992484708,0x7ff992484718
      PID: 3248

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
      PID: 4596

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID: 4340

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
      PID: 4728

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      PID: 1400

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      PID: 1364

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
      PID: 3916

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
      PID: 2196

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
      PID: 752

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
      PID: 4020

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
      PID: 4164

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 3796

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
      PID: 4612

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
      PID: 1552

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4344457508859306572,12814419733156068925,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5236 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 4036

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3976

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1660
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
152B
MD5
56641592f6e69f5f5fb06f2319384490
SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Filesize
152B
MD5
612a6c4247ef652299b376221c984213
SHA1
d306f3b16bde39708aa862aee372345feb559750
SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B
MD5
b2ce706bd6d6426b96a91a2fa7612470
SHA1
133a3784fc8043e35aeb474f6f65a3a42ee2b5aa
SHA256
fc20f7e21c9a809592591c3274167b498113c0f3cf705442ed8dd3163fd355c1
SHA512
e17ac3b715134072364699955e4894447fee16ca535b8b01fb7d29bd4f1c024bb0686d814e3277c7d577ef6794e795bf94ce5d7c64461d8751bbe37317fc3049

Filesize
1KB
MD5
06a9f618f25af11b64e0d2e9b16c9d24
SHA1
05f97ca0856966a0bdebdd6fce4a873beac6940d
SHA256
f371a47bbb2b1357751fe822703a4ab3ce907f25fcd6827ef1f1e0ef376ca5c4
SHA512
b016eb3ba71af3ba7db4a7620f5f733ee2e210530881c547e638192a43e63de088d7144bafd5420237092c71e570358cabe783b2a4bc636ffaead8e71ea383aa

Filesize
5KB
MD5
eb233ac0dd29c926e114bacbb3a0e252
SHA1
a95272742c8e2b2c20d6d854a82d0fb6cb6330d8
SHA256
3fec07f969ab346603a05ed3461c37c7b6de17ca09a1fe72d2513431e3827066
SHA512
037a5ce451a5d932febf14825e6be7a87502e525aa871d6b134f72c93f9874e8f9eb8312142699f6276a9334b87ab8a2da4cd03d52fbeba326c1745edee7e5e2

Filesize
6KB
MD5
8c74b8a1706e55a518d41dea9e553ae4
SHA1
1d2ce0a6f769d94445c5aa9ad1c31cd7f9fd1e50
SHA256
cce8ba9b08b27a4846a412758f12dab2ed0bf271dd72837732defdb5062075df
SHA512
596125b9feab38f5bc4ff8a7bfa14f4309af4b1942ab9779a6f3de46eccdf23591ad98cfd36acc5be43821bf4abf676845218b044a38a718740d7330a3b3b1be

Filesize
16B
MD5
6752a1d65b201c13b62ea44016eb221f
SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize
11KB
MD5
46e1d0dd6f3011d04dde7960168de0b8
SHA1
60cbc879a4ac85b8a8f6423f0f5c66b562295bb4
SHA256
f22b6fc19d33e752852656abbb64ea430ba7dbed5bc1a02af3e267041533c46e
SHA512
eb89e1fffc60c3e031b4d0ca37477f04d8832785b122a1f0891c4871c3fa8e100308d20453ee126d0eea9ec770a893aa7f7eea049e016c57581c2c4118d9e035