Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 01:35
Static task: static1
Behavioral task: behavioral1
  Sample: 8c7a831ea7be1fa96c0ab6f4b9c86b68_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8c7a831ea7be1fa96c0ab6f4b9c86b68_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 8c7a831ea7be1fa96c0ab6f4b9c86b68_JaffaCakes118.html
Size: 46KB
MD5: 8c7a831ea7be1fa96c0ab6f4b9c86b68
SHA1: 8e5cfceeff776ff10b94de449f8a6d829d9e7164
SHA256: 2d33b89215f1c845476fe0e81570fc05535cc92e3c6c982546609f0bf5dc8dfd
SHA512: 6c1d6d06f702841ec1498051c44f372ab88973d3477e60e0a27fbb233c537ec3c13fb35c70eeb5020f0c28aaf227a39c9fce74e7f987cccc55fca29907d55ea5
SSDEEP: 384:m0XP9jf/DKejmdMhxczF5Joncic2XM13gYbF203DOs0XP9jf/DKejmdMp:m0NoFKcr13gsOs0N9
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                     | Process
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   | Process    | occurrences
  4868  | msedge.exe | 2
  932   | msedge.exe | 2
  4708  | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   | Process    | occurrences
  932   | msedge.exe | 2

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   | Process    | occurrences
  932   | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   | Process    | occurrences
  932   | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs; identical entries collapsed, counts per target)
  description                    | pid | Process    | procid_target | occurrences
  PID 932 wrote to memory of 3668 | 932 | msedge.exe | 82            | 2
  PID 932 wrote to memory of 1428 | 932 | msedge.exe | 83            | 40
  PID 932 wrote to memory of 4868 | 932 | msedge.exe | 84            | 2
  PID 932 wrote to memory of 4732 | 932 | msedge.exe | 85            | 20
Processes

PID 932 (depth 1)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7a831ea7be1fa96c0ab6f4b9c86b68_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  PID 3668 (depth 2, child of 932)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718

  PID 1428 (depth 2, child of 932)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14887223139263996228,1011685318235665943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

  PID 4868 (depth 2, child of 932)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14887223139263996228,1011685318235665943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  PID 4732 (depth 2, child of 932)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14887223139263996228,1011685318235665943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

  PID 1992 (depth 2, child of 932)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14887223139263996228,1011685318235665943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

  PID 536 (depth 2, child of 932)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14887223139263996228,1011685318235665943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

  PID 4708 (depth 2, child of 932)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14887223139263996228,1011685318235665943,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3308 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

PID 1896 (depth 1)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4288 (depth 1)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5: 537815e7cc5c694912ac0308147852e4
  SHA1: 2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Filesize: 152B
  MD5: 8b167567021ccb1a9fdf073fa9112ef0
  SHA1: 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Filesize: 5KB
  MD5: 56feabb195854a2f254d9ded1c00bb6c
  SHA1: 83e4725275003183fb1d4cdc8299f258f51f7d24
  SHA256: 0982f3b41e4a6efe0f0ec42dd7ac70d2ee8917325f3078fd2e2830a409e4b443
  SHA512: 2b70073ed1ee3d492628560d22f47035ad39e1f022a7b2a8b5705db926e8439baabc268ee40584ee1b351eb23cc7fb5598aed18206b56dca7a2f7cee8ff4d45f

Filesize: 6KB
  MD5: a8d0afe4ae8646f405076efa4e40953b
  SHA1: 04094be54c5b1a49f7bbb6da3846fec53e74f552
  SHA256: e975255cf43c77a20db450c71a2f38a51ce9c9c67054892b303e1210ff2db8d3
  SHA512: 92230a14b15553e5a4bd1e9256e95153f160163eceb8e2362b850f61280e12e3c62a156957da256f065630b3ca2608275f1ae049cf18f74d07b863fbcc4dbf4a

Filesize: 6KB
  MD5: 18ea4ccc1aac2cb901f382fa83816d72
  SHA1: a45ae11d934c56690764866b19a19af3ddf2cbb5
  SHA256: 9a2dd344d6ea4e2b03a48000aa039c19ef9b87111c67c2ecc543d6e61317f9d0
  SHA512: 60371be9e75a59181895d7fe2dc3c5aa858ccde6cfff359d83c2158c18d171f4043c2587413fba5b73e974988a05755f02c075fc6c2d6ef795ce4d98ad931888

Filesize: 10KB
  MD5: 0ba373a58745e392e98c84d192658b67
  SHA1: 18a83acb43f9129b942c5c16e69e705c68914c88
  SHA256: 2df2ba70266a066a1c960ee03f7dc358b5cc2edd5962318ebdfab8fe1a198dc8
  SHA512: e27c9091969a4764ea98e7b73af7da5a5013fb856329d469e528af1858d26061f84a4a4b72ab7889ea12bace3e0b1beca60734ff6ea7ba0edbe59d2b66f95106