Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/06/2024, 07:46
Static task: static1
Behavioral task: behavioral1
- Sample: 91001af4892af75e4135c8389f6e5cb2_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 91001af4892af75e4135c8389f6e5cb2_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 91001af4892af75e4135c8389f6e5cb2_JaffaCakes118.html
- Size: 19KB
- MD5: 91001af4892af75e4135c8389f6e5cb2
- SHA1: 46eaacfcb60e198506ee8d4873d3f7dd1e2a51f6
- SHA256: 7a99e4b336d3ba620265451bbe1d7e70ceda7cfbf1b9123ac059fad4b64e69fc
- SHA512: 02549e17ef5df67f6c5301750e485a677ff7b6878a2047df438794dd5ab98fdfbca20e24519214ad451e850a198a46e1b89cea7ae45116fde674badb588a730a
- SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIJ4TzUnjBhlv82qDB8:SIMd0I5nvHFsvl0xDB8
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                    | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid  | Process
  4852 | msedge.exe
  4852 | msedge.exe
  4820 | msedge.exe
  4820 | msedge.exe
  2896 | msedge.exe
  2896 | msedge.exe
  2896 | msedge.exe
  2896 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  | Process
  4820 | msedge.exe
  4820 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  4820 | msedge.exe (all 25 rows are identical)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  4820 | msedge.exe (all 24 rows are identical)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row is a write by PID 4820 (msedge.exe) into one of its own child processes; the distinct rows, each repeated several times in the original listing, are:
  description                         | pid  | Process    | procid_target
  PID 4820 wrote to memory of 3448    | 4820 | msedge.exe | 82
  PID 4820 wrote to memory of 3108    | 4820 | msedge.exe | 86
  PID 4820 wrote to memory of 4852    | 4820 | msedge.exe | 87
  PID 4820 wrote to memory of 424     | 4820 | msedge.exe | 88
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91001af4892af75e4135c8389f6e5cb2_JaffaCakes118.html
  PID: 4820
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 4820:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82fd46f8,0x7ffa82fd4708,0x7ffa82fd4718
    PID: 3448
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5686052654903553241,11528947718047321026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    PID: 3108
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5686052654903553241,11528947718047321026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    PID: 4852
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5686052654903553241,11528947718047321026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
    PID: 424
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5686052654903553241,11528947718047321026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    PID: 3168
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5686052654903553241,11528947718047321026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 1392
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5686052654903553241,11528947718047321026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
    PID: 2896
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4920
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1376
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4b4f91fa1b362ba5341ecb2836438dea
  SHA1: 9561f5aabed742404d455da735259a2c6781fa07
  SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
  SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
- Filesize: 152B
  MD5: eaa3db555ab5bc0cb364826204aad3f0
  SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
  SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
  SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
- Filesize: 5KB
  MD5: b7632095b5e4f35cb780f21b8a3bc198
  SHA1: cc7d49c1672d02d1ce1fcc937d8e606c233ab2b6
  SHA256: e56d11978e68668e2c859a8e4f0669ec50008dbaae306c214d7c92fb7cb79cc4
  SHA512: a7961e11cfc5f15f8b240ac1ab8e58440b0f27cdf575c13690062b4bd6559db76d394f49af6687cb0d0a28414e3e89bae3af61e531e47705be471123195e247f
- Filesize: 6KB
  MD5: 58756150dfeb24fea76f21870e738eb6
  SHA1: d5b9d51edebca829998b1c9d9a0902d592031552
  SHA256: d7c6aebfdc01bd262dd51375e98c126a26b232ecb448679f9b1d9ab60edaf67e
  SHA512: b6bf864cec5f0895e93131f08202eb873b27da6ed45f16817202251338a1092a6d82a1db2e14a895918985ff0334352515206ad0db0f1966063006b574773f34
- Filesize: 6KB
  MD5: 1621f6b1cf0e07d281802fbbb1f14405
  SHA1: 86495e41f1212559376b5575cca88851aabb465d
  SHA256: 55b194eea1fd175414f746d5270625502238241cd9170fd36d7f5f35958676f9
  SHA512: 1009657f00aed284c6f601eb7dabf78c1fbfe38ed24cb25a457db9878d99dc57209e4fb37ec2ba6a6a2fc7fd62458e51c13b0c5ef26d1be3ef0caf7a543e0379
- Filesize: 11KB
  MD5: 90da0fe47252d6575f44bc856a1e170f
  SHA1: 829e51837e8afd96510bfb596d8f5771925873c0
  SHA256: b85681fc3699d6bd995f1b26dd1bf213a2f0f7ab9ba7afa5e58a6ba49a88c3e8
  SHA512: cf629ffa9ecbb334f39df429f40c74e097fc45b1eb169cfe8d5d2b40ebb7a167ec4810d1b07afbfe2ea0b3fc10408880d532d76b7a136b12c3a922947c175945