Analysis

- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 01:55
Static task
- static1

Behavioral task
- behavioral1
  Sample: 8c87db9842a7174a48b57751065289d0_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task
- behavioral2
  Sample: 8c87db9842a7174a48b57751065289d0_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

- Target: 8c87db9842a7174a48b57751065289d0_JaffaCakes118.html
- Size: 45KB
- MD5: 8c87db9842a7174a48b57751065289d0
- SHA1: 11e348be82cf8b89a9da9140ac1e49a61f9ee087
- SHA256: 630a99e6e04770af10f4a7bad52690ead21e8be7aeaf950760d13ad7910c8a47
- SHA512: 8a0bbd6a8680354c696341f62bda4410d2dbf2c30971da06044a13a044bb5c05590b9ea8c19f9140b72912c3c07d43db87d641b2a6df68750308b27209ef6bb0
- SSDEEP: 768:SSu0N+Xakq2s/o7HDmQ2wD+nuMpvj02xHQhUlQjj7BaR86JpX9798CtNjdETcyM9:SSRN+Xakq2s/o7HDmQ2wD+n3pvj04Hw8
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed, count in last column)
  pid   Process              count
  3096  msedge.exe           2
  3168  msedge.exe           2
  3796  identity_helper.exe  2
  5648  msedge.exe           4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs; identical rows collapsed)
  pid   Process     count
  3168  msedge.exe  7

- Suspicious use of FindShellTrayWindow (25 IoCs; identical rows collapsed)
  pid   Process     count
  3168  msedge.exe  25

- Suspicious use of SendNotifyMessage (24 IoCs; identical rows collapsed)
  pid   Process     count
  3168  msedge.exe  24

- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
  description                        pid   Process     procid_target  count
  PID 3168 wrote to memory of 1336   3168  msedge.exe  83             2
  PID 3168 wrote to memory of 4932   3168  msedge.exe  84             40
  PID 3168 wrote to memory of 3096   3168  msedge.exe  85             2
  PID 3168 wrote to memory of 4628   3168  msedge.exe  86             20
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3168)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c87db9842a7174a48b57751065289d0_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1336)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5660)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5268)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3796)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3140)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1596)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5648)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3318744537788887216,3258049948577798828,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5604 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 4192)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 4536)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

- Filesize: 304B
  MD5: e4f0a9691c46477fec438c607f3cf906
  SHA1: 64cd97e68f97ca53044f69226c37a01deab8df7e
  SHA256: 22682f01647f5c8f33b6e5e6322f951bc7022feb0cf669d432cdf5a94031a655
  SHA512: f1f7c4c6c85e850aba274e41d0128b9299e1ec1f4c779448176c811da93e215a21347bd39ed6dc4fcfd7f953a22f988bdc91fe88c8485c1b6dc99dc4bf5ce6cb

- Filesize: 5KB
  MD5: 66d9060e5ee4a93ccf9efc4c7b8d030d
  SHA1: 96cb9ebf2f313de458d5c0a141c5b369cd1c4f79
  SHA256: aa4ca0c9ea142315407a7568ed7cd85554d3d0069dfa85abd06c69ceeb946d7f
  SHA512: a11e5432a9a688f2a14da77ae31ae45404f1d222a0441f1f21e27a6ff7fc1bbab4b7510519881860c3476b6d844bdd9a82ac5d699dc8a1b4841b72cd8b622646

- Filesize: 6KB
  MD5: 38d40e186332f0fd9c5c9f7f96311d44
  SHA1: 82ef8751286d4b87519968e4f25d9b4ee1fd5da0
  SHA256: 3e058181c9720f9af92b8207e1ba6c05b1d5887191044cb3af6d6bbaf31cead1
  SHA512: 9688d20188a9c951a98b44f03de93495c68f83e9c93140b0d175ad0847f0543f600a1953a38ba9bc9316b8a764256c9448b3128b5f0a99846e74e6119600ce98

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: ae97747866071007f6911a9f6da8de16
  SHA1: f5eae7f8d39ae3fd56b44a024d174b53b1854977
  SHA256: d806a3a6a2b8532156d26c248202f571f5eec9fda891e5a9a900fc5f7f4894a4
  SHA512: cd541a42c25a75a80a2d403916abc3d88bf62b1aa0a4951527f9bc141044062214ea1a9be3b8847c0f398a01a6275b50d25876b705a57ec033f74363c37ce75d