Analysis
- max time kernel: 145s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 04:50
Static task
- static1
Behavioral task
- behavioral1
  Sample: 8ceeaef305fb82416c293f434ea45775_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task
- behavioral2
  Sample: 8ceeaef305fb82416c293f434ea45775_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
- Target: 8ceeaef305fb82416c293f434ea45775_JaffaCakes118.html
- Size: 186KB
- MD5: 8ceeaef305fb82416c293f434ea45775
- SHA1: b82dcfa02ceb2fefd53903dfda06def95efb0f5d
- SHA256: d588bb065eb0719c5fd0640bd6abba42efdf50bedf2663e0562f73b9d8e53559
- SHA512: 1cade2851175b189ce65d39ba0cf5a713702a592a59b915b0d31b59c562d643e0f26d7537e07a32bb01585b1e58d1e1611a9e2d2070787fbb0771b7d878ef1a2
- SSDEEP: 3072:bh0StzzlW7nQaH48jsqbRIdWjJLYxH5Ae18ze56QLlo8udjqBEVMvBISDERchAPA:nU48jsqbRI8yBISDEShAP0XpL
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  1316  msedge.exe           2
  4596  msedge.exe           2
  4868  identity_helper.exe  2
  2312  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     entries
  4596  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  4596  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  4596  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  entries
  PID 4596 wrote to memory of 4740  4596  msedge.exe  84             2
  PID 4596 wrote to memory of 1376  4596  msedge.exe  85             repeated
  PID 4596 wrote to memory of 1316  4596  msedge.exe  86             2
  PID 4596 wrote to memory of 1060  4596  msedge.exe  87             repeated
  The report lists 64 rows in total; apart from the four rows for targets 4740 and 1316, the remaining 60 rows repeat the two relationships with targets 1376 and 1060.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4596, level 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ceeaef305fb82416c293f434ea45775_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4740, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa597346f8,0x7ffa59734708,0x7ffa59734718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1376, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1316, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1060, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4600, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3120, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4312, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4868, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4804, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4060, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4544, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 376, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2312, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4203070715479265838,15315071545167827011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2832, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2956, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 2daa93382bba07cbc40af372d30ec576
  SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
  SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
  SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
- Filesize: 152B
  MD5: ecdc2754d7d2ae862272153aa9b9ca6e
  SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
  SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
  SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
- Filesize: 725B
  MD5: 209d1d4bcc42d88e56dc19abf25b10c1
  SHA1: a4fe8769c217d05d27f551a0316cfbab900c3f5f
  SHA256: 6386dab1c4e2b35c70de24d093ba8171563fb9332c1cf1a2df09270bc1d2b3af
  SHA512: 0fa57390e8ceee7f324d1640e19b4262ad15774a9ed8bbb0ae810494ca06f71019edf40120c411c302ee05a16f3d8b9aa87920330544f540808c3a6919f6f7c4
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 5KB
  MD5: 02c21b32e515e3e8c422e74169991b49
  SHA1: 8e0169433876e286a44652a3d70200c5c25f0f53
  SHA256: 39207627b549162d676d294b68195c9bc9bbb0eb726502a49f6707ca51c71b99
  SHA512: 0222937111cb31ac4db189ea166c6b383bd7a27abe123aa7857353c1c3b1954609e08129456487b2dba378ad97ab6beacf819f4162d8aec8a8b5aea839c48d66
- Filesize: 6KB
  MD5: 947a0084bdad8b7cc38aaa834f54a534
  SHA1: 16c04a151b4d187198f1ac7bcd1a47976ab6f200
  SHA256: 23ad323a3725f11413956231609d5979d457715cdbee5d63508040ae04585196
  SHA512: e2e5f5a340a73e93b677c72305d46a890335e3cd0ddb679d1d0d64d95445e3c962a24802c807dd952ee8f3a81c028ff642454f704023b16d6b34cb5e8928b770
- Filesize: 372B
  MD5: c7f7053ca106074878026d734968dd85
  SHA1: 880178e289b174e17c7400de72a6b453df792cf1
  SHA256: dddf059b621dd7b53a44ddfb4f3ce78c88147f993cf010bfec9ff18d4ebe9eeb
  SHA512: 2d88947946df539a33dfe55edb47add4cbd7f3bfc52ff14e4365928ac9b7968ee4c3ca6f18758f97f5412d8386d6b1c386043bc873a9eea34a627df8fc94b015
- Filesize: 204B
  MD5: 7d1951122a443ed285af120ccdeec8ab
  SHA1: c8fce21a7bce013b463f1218163a7535a713dffc
  SHA256: f8da82f3baea828e9b65d1270b64eec2f6a15fff3cf53fe811a4964d855e8366
  SHA512: 29a4f76afe7179ae6768aa2ae6be4293751727a713dea108bc4bc218f8331040b06c95928c830463601edf996f7fcafff5fc34ace87855378c115e0b52add29b
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 772352528228e06667b31b1b7f40713d
  SHA1: a932bd868cda3ba1a386ad8293175476cfa571a9
  SHA256: d7a44e79165bfe12c8cd95978efc2e5ce1e20a88cd040aa80335f9f153c7a64a
  SHA512: 2f759dd334eb22c8f62bad57961c2e2446deca53fe135c3977ecacda23aa5d7ee138650e558f7e91ca0edc77e7a15b02ae510ae393c3ec4022bf1c8aa670c3a3