Analysis
max time kernel: 148s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 01:08
Static task: static1
Behavioral task: behavioral1
  Sample: 8c6900842c4be95831a29d2dc3fec199_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8c6900842c4be95831a29d2dc3fec199_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 8c6900842c4be95831a29d2dc3fec199_JaffaCakes118.html
Size: 994B
MD5: 8c6900842c4be95831a29d2dc3fec199
SHA1: 12a56ff6d6e02033323a26e34f7b0244bb3fd522
SHA256: 122fbe6f9e7b4afc0508bdf245723892765c342b6179e85478e95a66fe6fccd2
SHA512: c55b34b52fdc6af3fbbecfda31ea27fd739be7f1f3bd188a815cbbc3d7fe7156dbab3abeda03f944bf28709f956c1111c1d270f4493509c9264c8138d716b36d
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4388  msedge.exe (2 entries)
  3564  msedge.exe (2 entries)
  1688  identity_helper.exe (2 entries)
  2764  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3564  msedge.exe (6 entries, all the same pid)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3564  msedge.exe (25 entries, all the same pid)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3564  msedge.exe (24 entries, all the same pid)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3564 wrote to memory of 2436  3564  msedge.exe  81  (2 entries)
  PID 3564 wrote to memory of 3588  3564  msedge.exe  82  (repeated entries)
  PID 3564 wrote to memory of 4388  3564  msedge.exe  83  (2 entries)
  PID 3564 wrote to memory of 3624  3564  msedge.exe  84  (repeated entries)
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c6900842c4be95831a29d2dc3fec199_JaffaCakes118.html
PID: 3564 (depth 1)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8f93d46f8,0x7ff8f93d4708,0x7ff8f93d4718
    PID: 2436 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
    PID: 3588 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    PID: 4388 (depth 2)
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
    PID: 3624 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 1552 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 1240 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
    PID: 3524 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
    PID: 1688 (depth 2)
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
    PID: 3100 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    PID: 3908 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
    PID: 3796 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    PID: 3356 (depth 2)

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17786444515492619140,6436634933646186381,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3656 /prefetch:2
    PID: 2764 (depth 2)
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1064 (depth 1)

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4236 (depth 1)
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Filesize: 152B
MD5: f53207a5ca2ef5c7e976cbb3cb26d870
SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Filesize: 5KB
MD5: 047d7cb24565aa88f2419fb8b8ca068a
SHA1: 5d1afee2cb5303607c24ab67d90cf35183296662
SHA256: 96cc2f342eac8b07c0470233509a1e7b188cba59fbf5248da1cd566f777eb1ca
SHA512: cabe1a9d2cb297d46f1f6632af8ffa17a623b8ae4db395e0494fbe9394f4ff287a95b1c4949455ee59c47af824f040f257034813ae9720f6118ca27e7172d7ed

Filesize: 6KB
MD5: 64035fc6da96c353885d368457968148
SHA1: 665805bb5210b0b1d1680dcdfa9123e8be1f7652
SHA256: fc7e99f66ef39754b7305f369bf37d48bf1cb200b7b22b225085f4a818ecd153
SHA512: a6f100d67715761280bd2b11b8fec30ba88b19310e7540da6dec59ca66609916b8b456b6a3f93dfbedb64473e9521dd470181ab423247d560cd8bee0fcaeb7a4

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: faa8ae1a9d6d6033240ed9708aafbcb1
SHA1: b098d0ca9a9653ca6c3313cd9bb0dfa6a9028e38
SHA256: 6459d42ca6d3422c4307d715e17d213e0448ba6349af7f919cc4f1a75b287b6c
SHA512: 8d7b469890a8bc47596a5c3ededab219f6ad266ee178bf7957afeba8c2d8f028fc70a5e84afc4766277dd2659137efd0be8473dd7bc7c01c292f41c1d5660781