Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 01:02
Static task: static1
Behavioral task: behavioral1
- Sample: 8c664adf806f3198213ba7c33a630235_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 8c664adf806f3198213ba7c33a630235_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 8c664adf806f3198213ba7c33a630235_JaffaCakes118.html
- Size: 136KB
- MD5: 8c664adf806f3198213ba7c33a630235
- SHA1: 9fd882280c9089c5eb307c23e412fffc2fa03283
- SHA256: 1670ef7588b393d755174d5b166ae939aa9ae06541f1fda9dad5589161fb988c
- SHA512: d9ef84c82d83d2df58177c024b678f0de167a028e648ab0edec4436be5fc2a7c0323cf09bbdbf6d1686f6b772e885d653005da131baf27ac938cd2087f0d244e
- SSDEEP: 3072:S4Idl0WBlqyfkMY+BES09JXAnyrZalI+YQ:S4PWDsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  2384   msedge.exe (2 entries)
  3600   msedge.exe (2 entries)
  1932   identity_helper.exe (2 entries)
  3972   msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  3600   msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  3600   msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  3600   msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid    Process     procid_target
  PID 3600 wrote to memory of 452     3600   msedge.exe  82
  PID 3600 wrote to memory of 3152    3600   msedge.exe  86
  PID 3600 wrote to memory of 2384    3600   msedge.exe  87
  PID 3600 wrote to memory of 2032    3600   msedge.exe  88
  (each row is repeated in the report; the four distinct target PIDs are listed once here)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3600)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c664adf806f3198213ba7c33a630235_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafda846f8,0x7ffafda84708,0x7ffafda84718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2764)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2796)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3972)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14738964073941283526,2946873659255526758,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2336)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2892)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4f7152bc5a1a715ef481e37d1c791959
  SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
  SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
  SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c
- Filesize: 152B
  MD5: ea98e583ad99df195d29aa066204ab56
  SHA1: f89398664af0179641aa0138b337097b617cb2db
  SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
  SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f
- Filesize: 185B
  MD5: 49368f8bfc5e6ed94d8a7613e14a4c29
  SHA1: 5183538933733f656c2db79f42dc5f5d59440b96
  SHA256: dc94e37d8f618d53e6bb2f74208369e258a9e61d683552a599c06679191b4c1c
  SHA512: 8e5b641244b9057f99d92358cc07b586a86d39f6878cd05b8151f2ed35fc8c0dec79b1540ce3891125aaaa503e9273a673381c86113bc33a6898fc4260a36755
- Filesize: 5KB
  MD5: 25aa2e82d9685fe4af06cab56af79e89
  SHA1: 2283e7c658051d18d98d644231d9072d290d8050
  SHA256: 9cbf29e03ec613e6eb614fdd9337aa9df7aaa9f5876ffd99d7f2dcf777c07709
  SHA512: 5fb36de02e06e11f9135ff7f049d7526b9d1ea7a857006e562e831aaa40eae3a91d6e945568dce6c0906671c38a51ca62ac35dabf362c54e0118996f8ddd6ddc
- Filesize: 6KB
  MD5: 7ebc475f3b19165a7af7cbb0ecf5f03f
  SHA1: 16ab0569fa181addf6bdaa6912ea6926c7138fff
  SHA256: 1335f41379b9d9c5261eac8cc90956b75e34b671b6532c5a0a1d0c9ab98b1612
  SHA512: caf416771d1d28016acdce788e654debe896af8a9bdb29346dc6e3d90265747499ccf3f5f8933c9cdfd94c9ca4d194f81ec0b9213947ca3bdce9fefdea687057
- Filesize: 6KB
  MD5: 7ce119e17faed4c057eccadf1e1e5685
  SHA1: cea6d96cdaedcd55f3d4f0afa7330fbddeb77711
  SHA256: 200c4b6c91b189c339ee40db0bf8fdaf4f7d1a14e065b6de8e8ee858ea8b8763
  SHA512: 75b47b5a3c40cc0a3eb8ae10b33c50dbbcdfe5e64dc168369b778b7c33afb4ff64e43534783996d792778164cbdb20b181942913fbbeeb75aca6792a6292e7ff
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: b34fbf10533c4d52b3b47d0b5a0440b8
  SHA1: fec3531fa07868df68c6a16a4cfcdb92f1c01e3c
  SHA256: 26377cd933ac08ec0461fb9012ec15e23f49d7e74b3189852868ba3a53b6ebeb
  SHA512: 0669a37e9da636c7300d2655cce548e0a0ce92d0fc07483f0fc174fc7cfceba5e771ceab35acc2ac8ad32e4e6341560a97d753b70abee647650c3836601b38d2