Analysis

- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 23:43

Static task: static1

Behavioral task: behavioral1
- Sample: 8fd894828340a0ba56074c2b9051a7a5_JaffaCakes118.html
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 8fd894828340a0ba56074c2b9051a7a5_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General

- Target: 8fd894828340a0ba56074c2b9051a7a5_JaffaCakes118.html
- Size: 116KB
- MD5: 8fd894828340a0ba56074c2b9051a7a5
- SHA1: 48c69284867586a7eabec288ac16dfc27d0a0e42
- SHA256: 5316a16f940c41f7da8114e679b1da5b87e2748baeb5ac1c6d2fe17099b2ffa3
- SHA512: 1428ff4976c4585be13c0ceb0343d8bf962f104f94049add2b50a913587ef5f4dce76a04cefc9fd2a710815cd1a36c4690667d873a2f19261b24fa716f150ff4
- SSDEEP: 3072:RHWxgKaunjEZfC9Q0Q9Jv8C0C0tgNxMwSePl2zG3/aSUaxopK8Yg6JIaVwl2xvVr:RHWZjEZfC9Q0Q9Jv8C0C0tgNxMwSePlB
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  - PID 1208 msedge.exe (2 entries)
  - PID 1204 msedge.exe (2 entries)
  - PID 448 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  - PID 1204 msedge.exe (4 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 1204 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 1204 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; each row below is repeated in the report, 64 entries in total)
  - PID 1204 wrote to memory of 2812 (pid 1204, msedge.exe, procid_target 82)
  - PID 1204 wrote to memory of 4224 (pid 1204, msedge.exe, procid_target 83)
  - PID 1204 wrote to memory of 1208 (pid 1204, msedge.exe, procid_target 84)
  - PID 1204 wrote to memory of 2068 (pid 1204, msedge.exe, procid_target 85)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1204)
  - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fd894828340a0ba56074c2b9051a7a5_JaffaCakes118.html
  - Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2812)
    - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee03746f8,0x7ffee0374708,0x7ffee0374718
  - Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4224)
    - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5545624161686489189,8416812301849611026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  - Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1208)
    - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,5545624161686489189,8416812301849611026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    - Signatures: Suspicious behavior: EnumeratesProcesses
  - Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2068)
    - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,5545624161686489189,8416812301849611026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  - Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3892)
    - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5545624161686489189,8416812301849611026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4960)
    - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5545624161686489189,8416812301849611026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2860)
    - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5545624161686489189,8416812301849611026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  - Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1944)
    - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5545624161686489189,8416812301849611026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  - Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 448)
    - Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5545624161686489189,8416812301849611026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 /prefetch:2
    - Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2128)
  - Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4060)
  - Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  - MD5: 4b4f91fa1b362ba5341ecb2836438dea
  - SHA1: 9561f5aabed742404d455da735259a2c6781fa07
  - SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
  - SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
- Filesize: 152B
  - MD5: eaa3db555ab5bc0cb364826204aad3f0
  - SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
  - SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
  - SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
- Filesize: 23KB
  - MD5: e1c71f7c04be834f5587230db2ad24b3
  - SHA1: f3bab9cb99d9f343bf7ed3981aaa7450515d2424
  - SHA256: 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899
  - SHA512: 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  - Filesize: 240B
  - MD5: e91404d34e906801434096f006d49a65
  - SHA1: 94244365675998eb8ba759a54f341c746047259b
  - SHA256: adef5a8cce70c146239fa8fc8c527ad7652c4434d088f86b5d0b873d5e7f96a9
  - SHA512: a44c2306080c514bdb96ad44e9359e65430933cb43d49e114ebde9932a2e7061278535f561e98f21bbf470cf427c3ae8c23c57a3d6a16d1248edb6c8c9aee620
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  - Filesize: 216B
  - MD5: 66f5f098be16000b983a8d686ddfa6e5
  - SHA1: 9f0abc128528433e63539cfee0f39e2800fa20ed
  - SHA256: 9a657cbba043c69bc9400d0020972221fe59d8add4193b70dc7aa67f81724d8b
  - SHA512: d0fd9165b6c55946268ee178d758f1c90ec497c4c80881d1afe36f5550b20690b17789d9f3503fb537dc134ff810978746b2cb8097927153f99d92431e485c37
- Filesize: 1KB
  - MD5: edeea8be741f745bcab2537d14aac874
  - SHA1: 7115ee1ba12bb385f1aef11d8830a0839b4bd93d
  - SHA256: bf8b279e9286a15fe76f983f0f658f9862fa5342fb37cc036228eec52cf9de82
  - SHA512: 3c00d89c134bf1deea21682329b6508daf6e16c1598a9bfeee827f29394fb9288a719c4e41cd0d9e675023b5f84294a2332dc51b8423abfa1f738eaea4f50e62
- Filesize: 5KB
  - MD5: bce700d40035c75549970c42a3a6bc99
  - SHA1: 9107b45f96a290bb6171b2d138fc09bdc43b2ba2
  - SHA256: 06d2ab4e6153272851ddbc7277cbe3afa9614ef7603844cf46d9f222a933b3db
  - SHA512: ed7d1d6ccd3e7f2ad9e5908069d2255e051bc628f86c4bd1e15730122663ed86a9fde73fe5470dbc4473819daa41fcaa1995afd04f7e76657a2e17310ed3c340
- Filesize: 6KB
  - MD5: 373914d9cfa1152f731bec54b8c9c39b
  - SHA1: df33d9ff1e92289a6c4cd1d258c34834f67b052a
  - SHA256: fa14457404a08468e577909f10e2fd6753b9a203d07f29562d20088bd10331d8
  - SHA512: 55bfd51af51b9843f3c4a6ea9eab56d43dcc6fecb6bece72bfb9acf57eebc0678f147fa223b7c8b283a555124ad501bd268ce8ae84c0a7e764c36842d7cacc38
- Filesize: 11KB
  - MD5: a9c054051bb06ed01a015d6a468f36b6
  - SHA1: 62bfe46b67da57e4ee6bbe9aa58e691e7ccc716a
  - SHA256: 019084e2a5a4b559fdf03825139d3822c469cc96294de1769fecc7608975d9f5
  - SHA512: ced024bada0a6754e285a415e3d00b2fa22e7990b3c699c0ef9f53e6c9f8c00f15ffb3470c5bc0179ee3272327256b5dd6c9263adf1e676aead2e3a12e1d8efc