Analysis

- max time kernel: 145s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 00:52

Static task: static1

Behavioral task: behavioral1
- Sample: 8c604d810813dc52eed4a3bbc81b7ef6_JaffaCakes118.html
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 8c604d810813dc52eed4a3bbc81b7ef6_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General

- Target: 8c604d810813dc52eed4a3bbc81b7ef6_JaffaCakes118.html
- Size: 121KB
- MD5: 8c604d810813dc52eed4a3bbc81b7ef6
- SHA1: 28db49bbae67cd7eb5d2f7c77b137e6eec0dfb4f
- SHA256: 95d3b4206c5d85dae558951c80607153c76e946adaafba8a0a997f2acee8ba69
- SHA512: 459c3d1856e458390140dd02ba8c37ed40e477d33480954f1be4f70979a4468a31b6465a10a007ce18e92b433f134cd3cdaa2737b6d4df3263ee7d4dd9668370
- SSDEEP: 3072:y1Q/yUcjvG8rMUcXmNRS7aYESMSGEWMgh090Lv8cFUfa:y9GXmNRjb
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process     events
  4992  msedge.exe  2
  3900  msedge.exe  2
  1712  msedge.exe  4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   Process     events
  3900  msedge.exe  3

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     events
  3900  msedge.exe  25

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     events
  3900  msedge.exe  24

- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target  events
  PID 3900 wrote to memory of 3244   3900  msedge.exe  81             2
  PID 3900 wrote to memory of 3812   3900  msedge.exe  83             40
  PID 3900 wrote to memory of 4992   3900  msedge.exe  84             2
  PID 3900 wrote to memory of 2040   3900  msedge.exe  85             20
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c604d810813dc52eed4a3bbc81b7ef6_JaffaCakes118.html
  PID: 3900
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcefba46f8,0x7ffcefba4708,0x7ffcefba4718
    PID: 3244

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9134274462718753319,3578746739521668445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    PID: 3812

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,9134274462718753319,3578746739521668445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    PID: 4992
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,9134274462718753319,3578746739521668445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
    PID: 2040

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9134274462718753319,3578746739521668445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 4848

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9134274462718753319,3578746739521668445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    PID: 4340

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9134274462718753319,3578746739521668445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
    PID: 1808

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9134274462718753319,3578746739521668445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3740 /prefetch:2
    PID: 1712
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4220

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3100
Downloads