Analysis
max time kernel: 149s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 22:36
Static task: static1
Behavioral task: behavioral1
  Sample: 8fad45102c1691815b87fe2f70467d4a_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8fad45102c1691815b87fe2f70467d4a_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 8fad45102c1691815b87fe2f70467d4a_JaffaCakes118.html
Size: 139KB
MD5: 8fad45102c1691815b87fe2f70467d4a
SHA1: d86a0a350922b7d33eabeafc45567119509f4e6c
SHA256: 3973864c28c515db1916772f0e29f3ce3b07dfb1482d01a49f77acaaf4b7c0c3
SHA512: 1907fc706b8e564dc52e387ba28aa4054d0534bbad3ccbc47f54454dae353e7d39497a7fad017a08e9b50334c30b7bfdfb5b362cf4044df030e36c6e7b09e886
SSDEEP: 1536:S0Ev+h1ybtUwi3l70tByLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:S0EZX7yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  2948 | msedge.exe (2 entries)
  4016 | msedge.exe (2 entries)
  988 | msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  4016 | msedge.exe (2 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4016 | msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4016 | msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4016 wrote to memory of 216 | 4016 | msedge.exe | 83 (2 entries)
  PID 4016 wrote to memory of 3208 | 4016 | msedge.exe | 84 (40 entries)
  PID 4016 wrote to memory of 2948 | 4016 | msedge.exe | 85 (2 entries)
  PID 4016 wrote to memory of 4008 | 4016 | msedge.exe | 86 (20 entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4016)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fad45102c1691815b87fe2f70467d4a_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa797e46f8,0x7ffa797e4708,0x7ffa797e4718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3208)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2948)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 412)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 608)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 2372)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 2152)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
Filesize: 5KB
  MD5: 8aeac7fde1698e61656b9c7f82d5a019
  SHA1: 363fc03d677790422f076a77564db4d71cb7af6a
  SHA256: 2170f8050dea34245c2a8d983d571c6bfb842aa15dd9aa4621c290b89cb51f6c
  SHA512: a80b0d4757371da6124d5ae519ad1b44a31a2776e0688c86d8e9f9b7bdf7563dcd56485711b5be75d811804bd37d2bf5844d1906fa9cc16e0a2f5168116292a9
Filesize: 6KB
  MD5: 0d0b4b5f8b9d525fddc23cfec912228a
  SHA1: c32a8965468244dc7ce18a8c8b1e1b93e214e806
  SHA256: 360605f659e910234b4bc793f4e0e36ec6e999228d0e627f16da99a75a5ea5ee
  SHA512: 2c271b51b13be39f4d5938fd06156d28f163b337dd51bd47fe0a53964cfef1fe90d6f76f863650477fe3059a0d108c772e0966dd0e4b254f19172577579ef053
Filesize: 10KB
  MD5: 4b7b4cbfb293122fb105fa8cb271140b
  SHA1: ec3042174de091fe52156c9eb9d5e602d9d541e5
  SHA256: b1117b190208d4e790645c1dee86ed3538da265f3a9e5fac305d200297942790
  SHA512: a89580f880be06b8b9da384a09bc263a5c276b8c9071d3d258fc1e2e98d5574f81f91b12dd82aa8448884fe6089a20baece894aac3e34b5d3f17e345c52ba25d