Analysis
- max time kernel: 145s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 01:36
Static task: static1
Behavioral task: behavioral1
- Sample: 8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118.html
- Size: 55KB
- MD5: 8c7b5b9c5e0ff8fc3e13629c8f35096a
- SHA1: 321cd59c07920acef22bfdbddff9a0c0e9fa4811
- SHA256: 2d088aa05b54bec0564ee4d989aeb5b4f171017f554b14d3dd5db7bb752a1cf5
- SHA512: 77f16a587f1e4e7bd5cad1db584270f2e80b09b37bba47cf12b0d4a03c9d118f722bc744fd9ba4ff01f514d46b9a65e1e388900bb5128d40cd590a89bf67a75c
- SSDEEP: 1536:XXKqUaIrbQizDjf5wep15F29rDZaMkvww26rGrg:XXKXxzDdwe5FyD02EB
Malware Config
Signatures
- Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow 11: ipinfo.io
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / process: 4840 msedge.exe (x2), 3256 msedge.exe (x2), 3156 identity_helper.exe (x2), 2412 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid / process: 3256 msedge.exe (x7)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / process: 3256 msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / process: 3256 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 writes originate from msedge.exe pid 3256 (the browser process) into its own child processes; the target column and the sandbox's procid_target id are:
  PID 3256 wrote to memory of 2980 (procid_target 82)
  PID 3256 wrote to memory of 4556 (procid_target 85)
  PID 3256 wrote to memory of 4840 (procid_target 86)
  PID 3256 wrote to memory of 3564 (procid_target 87)
Processes
- PID 3256: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 2980: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aba546f8,0x7ff9aba54708,0x7ff9aba54718
  - PID 4556: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  - PID 4840: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3564: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  - PID 2272: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - PID 4632: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  - PID 772: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  - PID 1888: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
  - PID 3604: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  - PID 2240: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
  - PID 3156: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4616: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  - PID 900: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  - PID 2412: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18049399029321895977,9227328739070265725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 788: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 2716: C:\Windows\System32\CompPkgSrv.exe -Embedding
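Every IoC in the Signatures section names msedge.exe or identity_helper.exe carrying standard Chromium switches, so the first triage question for a report like this is whether any flagged behaviour ever leaves the browser's own process model. The script below is an added example written for this page, not output of the sandbox or code from any tool it uses. It re-types the process tree above as constructed input (command lines cut down to the switches the check reads, one renderer kept) together with a constructed excerpt of the 64 WriteProcessMemory entries, labels each process as the browser broker, a browser child or an unrelated process, lists children that run with `--service-sandbox-type=none` or `--disable-gpu-sandbox`, and reports any cross-process write that is not the broker writing into one of its own children.

```python
"""Triage of a Chromium-style process tree from a sandbox report.

Added example, not output of the sandbox. PROCESSES is re-typed from the
process list in the report (command lines cut down to the switches this
check reads, one renderer kept); WPM_EXCERPT is a constructed excerpt of
the report's 64 WriteProcessMemory entries, so counts are for the excerpt.
"""
import re
from collections import Counter

BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" '

# (pid, parent pid, command line). Level-2 entries in the report hang off the
# msedge.exe broker (pid 3256); CompPkgSrv.exe is level-1 with no parent shown.
PROCESSES = [
    (3256, None, EDGE + r"--single-argument C:\Users\Admin\AppData\Local\Temp\8c7b5b9c5e0ff8fc3e13629c8f35096a_JaffaCakes118.html"),
    (2980, 3256, EDGE + r'--type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=ver=92.0.902.67'),
    (4556, 3256, EDGE + "--type=gpu-process --mojo-platform-channel-handle=2112 /prefetch:2"),
    (4840, 3256, EDGE + "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (3564, 3256, EDGE + "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (2272, 3256, EDGE + "--type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations"),
    (3156, 3256, HELPER + "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (2412, 3256, EDGE + "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (788, None, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]


def split_args(cmdline):
    """Split a Windows command line on spaces outside double quotes and drop
    the quotes (enough for Chromium's "--flag=value with spaces" style)."""
    args, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch == " " and not quoted:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def chromium_flags(argv):
    """Map --key=value switches to their value; a bare --switch maps to True."""
    flags = {}
    for arg in argv[1:]:
        if arg.startswith("--"):
            key, _, val = arg[2:].partition("=")
            flags[key] = val or True
    return flags


def classify(processes):
    """Label each pid 'broker' (browser image without --type), 'child:<type>'
    (browser image whose parent is a broker) or 'unrelated'. Also return the
    children that run without a sandbox."""
    info = {}
    for pid, ppid, cmd in processes:
        argv = split_args(cmd)
        info[pid] = (ppid, argv[0].rsplit("\\", 1)[-1].lower(), chromium_flags(argv))
    brokers = {p for p, (_, img, fl) in info.items() if img in BROWSER_IMAGES and "type" not in fl}
    labels, unsandboxed = {}, []
    for pid, (ppid, img, fl) in info.items():
        if pid in brokers:
            labels[pid] = "broker"
        elif img in BROWSER_IMAGES and ppid in brokers:
            sub = fl.get("utility-sub-type")  # utility children are named by their service
            labels[pid] = "child:" + (sub if isinstance(sub, str) else str(fl["type"]))
            if fl.get("service-sandbox-type") == "none" or "disable-gpu-sandbox" in fl:
                unsandboxed.append(pid)
        else:
            labels[pid] = "unrelated"
    return labels, unsandboxed


# Matches the report's "PID <src> wrote to memory of <dst> <pid> <image> <procid_target>"
# rows whether they are one per line or flattened onto a single line.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ \S+ \d+")
WPM_EXCERPT = """\
PID 3256 wrote to memory of 2980 3256 msedge.exe 82
PID 3256 wrote to memory of 2980 3256 msedge.exe 82
PID 3256 wrote to memory of 4556 3256 msedge.exe 85
PID 3256 wrote to memory of 4556 3256 msedge.exe 85
PID 3256 wrote to memory of 4556 3256 msedge.exe 85
PID 3256 wrote to memory of 4840 3256 msedge.exe 86
PID 3256 wrote to memory of 3564 3256 msedge.exe 87
"""


def audit_memory_writes(text, labels):
    """Count writes per (source pid, target pid) and return the pairs that are
    not the browser broker writing into one of its own children."""
    counts, anomalies = Counter(), set()
    for src, dst in WPM_RE.findall(text):
        src, dst = int(src), int(dst)
        counts[(src, dst)] += 1
        if labels.get(src) != "broker" or not labels.get(dst, "").startswith("child:"):
            anomalies.add((src, dst))
    return counts, sorted(anomalies)


if __name__ == "__main__":
    labels, unsandboxed = classify(PROCESSES)
    for pid, label in labels.items():
        print(pid, label, "(no sandbox)" if pid in unsandboxed else "")
    counts, anomalies = audit_memory_writes(WPM_EXCERPT, labels)
    print("writes:", dict(counts), "anomalies:", anomalies)
```

On this report the audit returns no anomalies: every write is pid 3256 (the broker) into a `--type=` child, which is how Chromium launches its sandboxed processes, and the only children flagged as unsandboxed are the network service, identity_helper.exe and the fallback GPU process started with `--disable-gpu-sandbox`. A write from 3256 into CompPkgSrv.exe, or into any process that is not a browser child, is what would turn this signature into something worth pursuing.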
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize 152B
  MD5 c9c4c494f8fba32d95ba2125f00586a3
  SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
- Filesize 152B
  MD5 4dc6fc5e708279a3310fe55d9c44743d
  SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
- Filesize 588B
  MD5 faf66425b5c0e0e9a3b7e36c06200e94
  SHA1 97d966b217cf42a67323fbbee04078e721c5b75b
  SHA256 5b9fa82f91551a728d9404a1e402fd4828c15351ff7a41f96a3270fa52ae0de9
  SHA512 6d8b716df41a6608b3380ec3c578301b3c8388687a8a10e3fa3edb2bb4c10c3e97e96a3a9550018c65809789e1f4b7c7cce8064dac560ac1c438dfb49dbe21b9
- Filesize 5KB
  MD5 94188ddd14364a3b1093c8b7f90054d2
  SHA1 9d1ff0465b3a36753f5d302aee4e4517a30a5ea8
  SHA256 4a03b523f7cdf5007cff517baaa474b1abd8ad30b7f3fa7d77a2c7569fd376e6
  SHA512 ee001cb6a92f021e1a6cb507202e3016d97229d122272c023c394ee84606b36b5bea192f08bb6b0a007f1d79c0edccc75f6b444e6d411fd71bb9b42d7b14f4f9
- Filesize 6KB
  MD5 3f2b9e5d7a2e26bd82cc3c52a2929214
  SHA1 df0198d37638e2b36a8b1b3179a26494fedc7ec9
  SHA256 656393cc5d227319e2039d1482125d9fa2710b606f54c23c63619b902d3464f7
  SHA512 ddd26d1917310b354832ce2051ddc89ffdc2b25af8e04e2178c2ed8293af805a39496b1f54eec6268ce4a4a020058e3629e832e21f552c7f124675cf3b019203
- Filesize 6KB
  MD5 69d3501c77a31a1b20e3879ad7fbf729
  SHA1 04f2e03c43c56a4950762ccc602d945dc43684bb
  SHA256 5d0de4e840ae5970ef8db440f419a1c91eef777e8002c1927c5125d5c0c86b4a
  SHA512 f8ccb238e7849a6fb983d2081a8be587dee96eabf24e4882d5bfa2fafb06357ba56ffec2309d7e46bd5c42ad8cd0e5e5a05852c74bd8615d2ebf1cbef1ea55b1
- Filesize 702B
  MD5 1284ff2cebd93c0a8827f08b8c84b410
  SHA1 279f34985d9790594f7e4af3589e8e061dbe6750
  SHA256 6c52e04d99e1d77ddd9aa2637ec73628c6300b6b13eb0fe2b5e4da3c947a85e5
  SHA512 dc1098b66705b857d2cc15cb7690f5f4be94868b3003320764293b1d1fe646ac814d964767f11941c360da4b5fab6fb524f4a82f69b59757bfc285237ed0236b
- Filesize 702B
  MD5 5a57be438fac8657c4d8e03b404edbfa
  SHA1 ce7486dfe9fa6bba6a63dd34f74ccf87923f412c
  SHA256 36ca32ff4f12787f05e9d753e6177b36bc5b85138fdd6c39bed0720a5988be60
  SHA512 044ae89015bb39e4451ac38b221f949683b8dba3dc3335e2f97d2af728b497f81e202e5a8f255475b9bf67434291a1d48fdd04ec44ccb69b2b81d14b68402d87
- Filesize 16B
  MD5 206702161f94c5cd39fadd03f4014d98
  SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize 16B
  MD5 46295cac801e5d4857d09837238a6394
  SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize 10KB
  MD5 d5684116569ad9871bdd05818834d0a2
  SHA1 0ac4683f6e353c383cc10078edb90d660235f8af
  SHA256 e3dacffe9e1285293c98540cd0eb11a6a3d265e03d6dfa2322df9b3b85d4977f
  SHA512 c86ca4ac15f25ec2f27b41b9a4dd55ca0f04af8f1ccba19d164104c5c92ef6ba0bf25844271cff284a9205db068b77d6f6fa6c29f8b489e80eae6e12b16f3742