Analysis
Max time kernel: 148s
Max time network: 151s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 02/06/2024, 01:37
Static task: static1
Behavioral task: behavioral1
  Sample: 8c7b6583515767fcb5710b72b224f091_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2 (this report)
  Sample: 8c7b6583515767fcb5710b72b224f091_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 8c7b6583515767fcb5710b72b224f091_JaffaCakes118.html
Size: 116KB
MD5: 8c7b6583515767fcb5710b72b224f091
SHA1: 0509e2d73d86790e234d11124c23a1f0a4ec380a
SHA256: 924319824e4dc9749865f888984b02e33f43facfd7b760b5b3fd72b44539fdaa
SHA512: 85fbd7988e2894a0e995e5720d32e0aab4821e66474be963b2d0fed961cfd38e62880d10eada6064fdce84952261bd5537ffe44bde59223aca56b103753d69e2
SSDEEP: 1536:hun7oJ9CVGhVGhVGAIocj9wk91exalq1coGkFga5LYgWDuBH:4nLVGhVGhVG5L/vexZGk66LYgWDuBH
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description         IoC                                                                    Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  PID 2848  msedge.exe  (2 events)
  PID 600   msedge.exe  (2 events)
  PID 452   msedge.exe  (4 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID 600   msedge.exe  (2 events)

Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 600   msedge.exe  (25 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 600   msedge.exe  (24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
  Every event has PID 600 (msedge.exe) as the writer. Grouped by target process:
  Target PID   procid_target   Events
  5048         82              2
  4296         83              repeated
  2848         84              2
  4332         85              repeated
  The 60 events not accounted for by 5048 and 2848 are split between 4296 and 4332.
Processes
PID 600  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7b6583515767fcb5710b72b224f091_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 5048  (child of 600)  crashpad-handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718

  PID 4296  (child of 600)  gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

  PID 2848  (child of 600)  utility: network.mojom.NetworkService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 4332  (child of 600)  utility: storage.mojom.StorageService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

  PID 2076  (child of 600)  renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  PID 4784  (child of 600)  renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  PID 452  (child of 600)  gpu-process (second launch, GPU sandbox disabled, GL disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 4508  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1220  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
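Every signature in this report is raised by msedge.exe itself, not by anything the HTML file dropped or launched: the only processes are the Edge browser process, its own --type= children, and two DCOM-started CompPkgSrv.exe instances. The check a triager wants here is whether the WriteProcessMemory events fit the Chromium process model (the browser process creates each child suspended, writes into it, then resumes it) or whether some target lies outside the browser's own tree, and which children run with a weakened sandbox. The script below is an added example written for this page, not part of the report or of any sandbox vendor's tooling. Its process list and WriteProcessMemory rows are constructed from the report above, with command lines cut down to the flags the check reads; the row targeting PID 9999 is synthetic and exists only to show the negative case. The wording in SANDBOX_WEAKENING is the editor's reading of those Chromium flags.

```python
"""Triage check: do the WriteProcessMemory and process-tree entries of a
sandbox report match the Chromium process model?  Added example for this
report; sample data is constructed from the report, not captured live."""
import re
from collections import Counter

# (pid, parent pid, abbreviated command line).  Parent PIDs follow the report's
# tree depth: every depth-2 msedge.exe is a child of PID 600.  Only the flags
# the check reads are kept.
PROCESSES = [
    (600,  None, 'msedge.exe --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\8c7b6583515767fcb5710b72b224f091_JaffaCakes118.html'),
    (5048, 600,  'msedge.exe --type=crashpad-handler'),
    (4296, 600,  'msedge.exe --type=gpu-process --mojo-platform-channel-handle=2132'),
    (2848, 600,  'msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (4332, 600,  'msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (2076, 600,  'msedge.exe --type=renderer --no-v8-untrusted-code-mitigations'),
    (4784, 600,  'msedge.exe --type=renderer --no-v8-untrusted-code-mitigations'),
    (452,  600,  'msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled'),
    (4508, None, 'CompPkgSrv.exe -Embedding'),
    (1220, None, 'CompPkgSrv.exe -Embedding'),
]

# Signature rows in the report's own flattened format.  Constructed: a subset of
# the real rows plus one synthetic row (target 9999) that is not in the tree.
WPM_TEXT = (
    "PID 600 wrote to memory of 5048 600 msedge.exe 82 "
    "PID 600 wrote to memory of 5048 600 msedge.exe 82 "
    "PID 600 wrote to memory of 4296 600 msedge.exe 83 "
    "PID 600 wrote to memory of 4296 600 msedge.exe 83 "
    "PID 600 wrote to memory of 4296 600 msedge.exe 83 "
    "PID 600 wrote to memory of 2848 600 msedge.exe 84 "
    "PID 600 wrote to memory of 4332 600 msedge.exe 85 "
    "PID 600 wrote to memory of 9999 600 msedge.exe 86 "   # synthetic negative case
)

# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")
FLAG_RE = re.compile(r"--([a-z0-9-]+)(?:=(\S+))?")

# Editor's reading of the flags; value text is not from the report.
SANDBOX_WEAKENING = {
    "disable-gpu-sandbox": "GPU process running without its sandbox",
    "no-v8-untrusted-code-mitigations": "V8 untrusted-code (Spectre) mitigations off",
}


def parse_wpm(text):
    """Collapse repeated rows into a count per (writer pid, target pid)."""
    return Counter((int(src), int(dst)) for src, dst, _, _ in WPM_RE.findall(text))


def build_tree(processes):
    """pid -> (parent pid or None, command line)."""
    return {pid: (ppid, cmd) for pid, ppid, cmd in processes}


def flags(cmdline):
    """--flag -> value ('' for bare switches)."""
    return dict(FLAG_RE.findall(cmdline))


def chromium_role(cmdline):
    """Role of a Chromium-family process from --type and --utility-sub-type."""
    f = flags(cmdline)
    role = f.get("type")
    if role is None:
        return "browser" if "msedge.exe" in cmdline else "other"
    sub = f.get("utility-sub-type")
    return f"{role}/{sub}" if sub else role


def sandbox_notes(cmdline):
    """Flags on this command line that weaken or remove a sandbox."""
    f = flags(cmdline)
    notes = [msg for flag, msg in SANDBOX_WEAKENING.items() if flag in f]
    if f.get("service-sandbox-type") == "none":
        notes.append("utility process launched with service-sandbox-type=none")
    return notes


def classify_writes(counts, tree):
    """Expected: the writer is the parent and the target is one of its own
    --type= children (the Chromium launcher writes into each child before
    resuming it).  Any other target deserves a closer look."""
    verdicts = {}
    for (src, dst), n in counts.items():
        entry = tree.get(dst)
        if entry and entry[0] == src and "type" in flags(entry[1]):
            verdicts[dst] = f"expected: {n}x into child {chromium_role(entry[1])}"
        else:
            verdicts[dst] = f"UNEXPECTED: {n}x into pid {dst}, not a --type= child of {src}"
    return verdicts


if __name__ == "__main__":
    tree = build_tree(PROCESSES)
    for dst, verdict in sorted(classify_writes(parse_wpm(WPM_TEXT), tree).items()):
        print(f"{dst:>5}  {verdict}")
    for pid, (_, cmd) in tree.items():
        for note in sandbox_notes(cmd):
            print(f"{pid:>5}  {chromium_role(cmd)}: {note}")
```

Run against the real report the verdicts are all "expected", which is the point: WriteProcessMemory from a browser process into its freshly created children is baseline Chromium behaviour and not evidence about the HTML sample. The sandbox notes are still worth reading: the network service here runs with --service-sandbox-type=none, and the second gpu-process (PID 452) is a relaunch with --disable-gpu-sandbox and --use-gl=disabled, which is normal inside a VM with no usable GPU but would stand out on a physical host.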
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: ce4c898f8fc7601e2fbc252fdadb5115
SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Filesize: 152B
MD5: 4158365912175436289496136e7912c2
SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Filesize: 1KB
MD5: 5576d5cfc2c8ee1ce19d9dab21a06dba
SHA1: 8d5bc576b2263c91116528222ebb33b733712e25
SHA256: 8c6a5a815999df791e5425e27df6bf36989f13de30b118d270d961e337bf83de
SHA512: 3de289a4ed05574e809d3ecc9d2c920cb3bf09c25139d9e00e48f3e94abc946a89738ae7e7899dda891757637a3a8a952fe1dfbc0772f153af2db38c81a0a261

Filesize: 6KB
MD5: 09dd4af1115fe5d2f71fa2a0ce51724b
SHA1: f997517d0af0b921a169483f0ab98179e98d716b
SHA256: f0efab7376b045c8b5912c4a4721b37a8fed0b2b0adc903ce3d26d2de9793b53
SHA512: 180adca7d0e0dfa63fbb0e229eab675b3bab917d2888c5a3613a4df743a2f0b0fc6b6867b2af459302d636de1b8ad69db92a6d5fa5891c0e533c1993380c086b

Filesize: 5KB
MD5: 79099088a25efa1f0e358b2af4adb41b
SHA1: a939a7127befb0a448e4f62ba541008df6f5abb2
SHA256: 2e1a44514e3da62d6e0b414b84b74ec2ea99067f208ca39491c64a1c36f04f41
SHA512: 1d458f4f667c2982131c62043d0867c160ed6d7fc608edc91b3f7c2aa6eda46d65050d35f25e18a911ec7141d02249bd068496959ffead0aa27c20a457f07093

Filesize: 11KB
MD5: 5cbe16c5abadbd60802e7c7c5fc955a2
SHA1: b4a01dc0edbe69a48a5b2965ba8f78d0853fdf2e
SHA256: 95205baf74038d4796ead438af06daf02b9df4837307022110687a57a88d229c
SHA512: 38ac2a330630dd9f47f7de483e8d3292b70f2b089d358127ceda84fd7ef5b8b63a8054a2b543c79eac225882514986333212ae7e409a369e5432e5ba485184bc