Analysis
- max time kernel: 145s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 01:02
Static task: static1
Behavioral task: behavioral1
- Sample: 8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html
- Size: 127KB
- MD5: 8c6635c9f0d5f3c7b7b01864ad0b3524
- SHA1: 8bb7e4506402e56165aeb75332d0b24fb8f2ec71
- SHA256: 00e8bdae831e0075c9dca60083543b35206d43b3c954649c70d2edf7fabd23b6
- SHA512: 5e1c65eed16e615097c5971f8572835274e5f071b73e172971e34123827b85b073a1b976111ff60a34392b7b941696bd53cde0320eb571bcb5251cdc0cdd947b
- SSDEEP: 1536:SN6HzD1RiUkXbArGGsOOUbokvSuPka2zBGdo:k6HzD1RiPcr9vSuPka2zT
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs; identical rows collapsed, "count" gives repetitions)
  pid    Process      count
  716    msedge.exe   2
  4244   msedge.exe   2
  4748   msedge.exe   4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process      count
  4244   msedge.exe   6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process      count
  4244   msedge.exe   25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process      count
  4244   msedge.exe   24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process      procid_target   count
  PID 4244 wrote to memory of 3252   4244   msedge.exe   82              2
  PID 4244 wrote to memory of 2820   4244   msedge.exe   83              40
  PID 4244 wrote to memory of 716    4244   msedge.exe   84              2
  PID 4244 wrote to memory of 3772   4244   msedge.exe   85              20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4244)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3252, crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdadfc46f8,0x7ffdadfc4708,0x7ffdadfc4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2820, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 716, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3772, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1552, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 444, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4768, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4880, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2984, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4156, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4748, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3260)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2080)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2400)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
- Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 264B
  MD5: 65dfdbf2b7278ebebe28212675a972f0
  SHA1: e2e9f185420f8ea4f12554d2109c84ad8f610217
  SHA256: ff2347718ea6f4abccdbbf705c4f954bd61caa3b71592cac15b90b9cf8a14bef
  SHA512: 77374041625f33d673eecef11f9471e124132248c6444755ff9e1757d5af9a12eaf25bf75f27955de4338ab65e66d77d32aea3f9a8be1d2bd1a628512ecb513c
- Filesize: 1KB
  MD5: aa6eb615c9f3983e00f848653de1f7f7
  SHA1: bad98541f41d28242c062ceb9c9dbda59109a51a
  SHA256: 13a2bd2c8faf3d3743a22ea81f1a219999da6a9ba06cdffb683a4f3daf35a2e5
  SHA512: 83b90b1ae30ca16ea04dc5ef93ec6b77b97ee328fe9e9661bcbd61ccfab8cf270d87f34248638f345d0426b322e3314a2052fb1348b98021a8626de50dc72aed
- Filesize: 5KB
  MD5: 0e3813de7db04ba0ce838902ef8b9bc8
  SHA1: 642bdc44f67090279665efce725187fda98bb51d
  SHA256: dada149c1bcc53d1213b7bf5fd9f15aa100baed14c6277fe220f974856bdc7d3
  SHA512: 7a0670711a59f3e32977c83a945849d4097e0ad01859e89c92106b5204997eea61b6f8df3d2a6900d3b179849228331b3dc710b8dbb0466f62278cd4c88ef027
- Filesize: 7KB
  MD5: 153bb0ce7640c67558988425561edd81
  SHA1: 5dd38bdfd919ed5f141d703b36752f98388e09d9
  SHA256: 1e33cf382fb0e4817cd3bef02488c2457fc89d7cf5f5793a750dd373b2b718a4
  SHA512: 9342ab387e78b08c16e19ddd7b876c779a2d71d8da13f78ab26ef3db895138d485bdc9551ff0406169071b6873135b93a19df63d06119d2dfcdb9027d37bb824
- Filesize: 6KB
  MD5: ea0cecf0a8bbea60b06110e1fe9d139e
  SHA1: 72e8fe8f4cd99fd8ca44a699d39abbf311004596
  SHA256: 3d35883d3adcfb74dd6765b8ce837d49637f89062cb0820a306c6e132a66adae
  SHA512: 32fd112d3a657940a2715cb4094dfb54b46c6d9a93c6474e101db41f0669038df406baa3635c93cf304312d5a09226671209c9a6fc133f0287f16362605341e8
- Filesize: 10KB
  MD5: 3ede992180cddd893445475ba094d727
  SHA1: c2ebb998043bab87ef57b1407c777590d12156b2
  SHA256: 97176aa8d28b0f643b14a44992397e39fab6d3abed3003a0c530c3e72f296bd9
  SHA512: f9b3c9cfa86aaf3cdb19b00157c02f0ef70f46aecc4fc1ec495745590fc050aed2ecb9bf9ea20835d7e1d564229feafc475196670019c2f0a64ebe5b36a8ed2e