Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 01:55

Static task: static1
Behavioral task: behavioral1
  Sample: 8c87db351f5c9017318a6be771f9b386_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8c87db351f5c9017318a6be771f9b386_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 8c87db351f5c9017318a6be771f9b386_JaffaCakes118.html
Size: 151KB
MD5: 8c87db351f5c9017318a6be771f9b386
SHA1: 965f6fe8a896379102663315dee446837ea82723
SHA256: fd6719aec40b59412bf1de5b2e742708896cbe3004e1508adb9b9ef6ab72e7d0
SHA512: 63e810ca2a4af2a0860e998d4faeb67eff3ed8dfec3d046f5016dd48d9bfd0ff87bcba7b7c702fcd5234a07a254970e7d6d5aafb461cbadb134214e1efa04b4c
SSDEEP: 3072:SZizlGahKyfkMY+BES09JXAnyrZalI+YQ:SZizlGahvsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | process | occurrences
  2536 | msedge.exe | 2
  4092 | msedge.exe | 2
  4444 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | process | occurrences
  4092 | msedge.exe | 2
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | process | occurrences
  4092 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process | occurrences
  4092 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target | occurrences
  PID 4092 wrote to memory of 4940 | 4092 | msedge.exe | 85 | 2
  PID 4092 wrote to memory of 2140 | 4092 | msedge.exe | 86 | 40
  PID 4092 wrote to memory of 2536 | 4092 | msedge.exe | 87 | 2
  PID 4092 wrote to memory of 4076 | 4092 | msedge.exe | 88 | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4092)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c87db351f5c9017318a6be771f9b386_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2140)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6324434108359586544,12747591701938651550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6324434108359586544,12747591701938651550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6324434108359586544,12747591701938651550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6324434108359586544,12747591701938651550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4456)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6324434108359586544,12747591701938651550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6324434108359586544,12747591701938651550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3308)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3228)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads