Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 02/06/2024, 01:09
Static task: static1
Behavioral task: behavioral1
- Sample: 8c692a5b33c5c11d3d4dd1bb5d8474b6_JaffaCakes118.html
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 8c692a5b33c5c11d3d4dd1bb5d8474b6_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 8c692a5b33c5c11d3d4dd1bb5d8474b6_JaffaCakes118.html
- Size: 261KB
- MD5: 8c692a5b33c5c11d3d4dd1bb5d8474b6
- SHA1: 3e7673399db8cd0ec922f5cc5af3aec7bccb37d4
- SHA256: 85e1012e061914c8ba7986e1c96ef8fe3bbc7e2661dfc0371153940ccae6e524
- SHA512: c6ca7f7503664bc4c20d2d1dc1237ae383444c3400451a109e4a0165760d514962803b33825733d2006d6d5f238d601fdae89505303892ca077fd793493cd427
- SSDEEP: 3072:S6UyfkMY+BES09JXAnyrZalI+Y0J4zjPafQI9HdmHB847iy/3:S2sMYod+X3oI+YGQLafQg+BLig
Malware Config
Signatures
-
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                    | Process
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   | Process
  2056  | msedge.exe
  2056  | msedge.exe
  3720  | msedge.exe
  3720  | msedge.exe
  628   | identity_helper.exe
  628   | identity_helper.exe
  1232  | msedge.exe
  1232  | msedge.exe
  1232  | msedge.exe
  1232  | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs, all pid 3720 msedge.exe)
- Suspicious use of FindShellTrayWindow (25 IoCs, all pid 3720 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all pid 3720 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs; pid 3720 msedge.exe wrote to memory of its child processes)
Processes
- msedge.exe (PID 3720)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c692a5b33c5c11d3d4dd1bb5d8474b6_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3664), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8591c46f8,0x7ff8591c4708,0x7ff8591c4718
  - msedge.exe (PID 4600), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  - msedge.exe (PID 2056), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2468), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  - msedge.exe (PID 1820), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - msedge.exe (PID 4968), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - identity_helper.exe (PID 3400), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  - identity_helper.exe (PID 628), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 512), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  - msedge.exe (PID 1880), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  - msedge.exe (PID 2500), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  - msedge.exe (PID 5032), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  - msedge.exe (PID 1232), child of PID 3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4351226805653557619,10913780621177389607,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4060)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 4992)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads