Analysis
Max time kernel: 145s
Max time network: 129s
Platform: windows10-2004_x64
Resource: win10v2004-20240426-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 03/06/2024, 07:58
Static task: static1
Behavioral task: behavioral1
  Sample: 91080b28bf2463a41ed21ad71eae3d09_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 91080b28bf2463a41ed21ad71eae3d09_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 91080b28bf2463a41ed21ad71eae3d09_JaffaCakes118.html
Size: 28KB
MD5: 91080b28bf2463a41ed21ad71eae3d09
SHA1: d934c64196e4bd1c4722bed715099eb706b14414
SHA256: ff66553f4c11db90320a774585242a462f05d5dfb2d259168f07a97ede79e8fd
SHA512: e295f587dc3c28168bc2b805292bfefce32e2ac3284981c2c255b536f0af393d9557ef7d5e53a9265ad64b91636b0c52ac7e2aad713753b83ff1443089f59171
SSDEEP: 192:uw/8b5nHsF0nQjxn5Q/3nQieWNnXnQOkEntxJnQTbnVnQ9eY+m6/5gOVXQl7MB2s:vQ/pB2RgOgSr
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4088  msedge.exe (x2)
  5016  msedge.exe (x2)
  2360  identity_helper.exe (x2)
  60    msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  5016  msedge.exe (x6)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  5016  msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  5016  msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 5016 wrote to memory of 2872   5016  msedge.exe  81 (x2)
  PID 5016 wrote to memory of 3396   5016  msedge.exe  82
  PID 5016 wrote to memory of 4088   5016  msedge.exe  83 (x2)
  PID 5016 wrote to memory of 2936   5016  msedge.exe  84
  The remaining 60 events are repeats of the 3396 (procid_target 82) and 2936 (procid_target 84) entries; all 64 originate from the parent msedge.exe, PID 5016.
Processes

PID 5016  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91080b28bf2463a41ed21ad71eae3d09_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 2872  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd944946f8,0x7ffd94494708,0x7ffd94494718

  PID 3396  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

  PID 4088  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 2936  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

  PID 4412  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

  PID 4712  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

  PID 972   "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 /prefetch:8

  PID 2360  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 2708  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

  PID 1376  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

  PID 3588  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

  PID 2880  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

  PID 60    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14580741901449506995,13587949221670540910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5892 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 2364  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2968  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads