Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
03/06/2024, 08:00
Static task
static1
Behavioral task
behavioral1
Sample
91090fce36f50582404f4a059fc71ec0_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
91090fce36f50582404f4a059fc71ec0_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91090fce36f50582404f4a059fc71ec0_JaffaCakes118.html
-
Size
173KB
-
MD5
91090fce36f50582404f4a059fc71ec0
-
SHA1
a5eca59deeb0199b67143ea7340aaef2075932d6
-
SHA256
04e6b73fac7fa9ed0a9a510568051abbd577fe74172e8b2f073c1e0ce45b2b66
-
SHA512
e2bb011852938124ba41480ce1174746d0dea83fac4b24f50e511fbb99bf8eba66905b49ab176bab6d0f6217d70e94e51341493dffd6be74f5792e101b5074ec
-
SSDEEP
3072:SzZdjiDvJ4mvWXAwT+z50TSMVMjIHiSXJsj78vJuAF4nbTxG:Sze4mvWXAwT+z50TSMVMjIHiSXJsj78D
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description          ioc                                                                     Process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid    Process
4236   msedge.exe   (2 entries)
3512   msedge.exe   (2 entries)
2788   msedge.exe   (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid    Process
3512   msedge.exe   (4 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
3512   msedge.exe   (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
3512   msedge.exe   (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                         pid    Process      procid_target
PID 3512 wrote to memory of 3472    3512   msedge.exe   82   (2 entries)
PID 3512 wrote to memory of 2580    3512   msedge.exe   83   (40 entries)
PID 3512 wrote to memory of 4236    3512   msedge.exe   84   (2 entries)
PID 3512 wrote to memory of 2936    3512   msedge.exe   85   (20 entries)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91090fce36f50582404f4a059fc71ec0_JaffaCakes118.html
PID: 3512
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda88e46f8,0x7ffda88e4708,0x7ffda88e4718
    PID: 3472
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    PID: 2580
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    PID: 4236
    - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
    PID: 2936
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID: 4872
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 4556
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
    PID: 3456
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
    PID: 1468
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2856 /prefetch:2
    PID: 2788
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4372
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4980
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1932
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
-
Filesize
152B
MD5
f53207a5ca2ef5c7e976cbb3cb26d870
SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B
MD5
a043e9eb1aae9be3be8e3ef0128031fd
SHA1
f78c510af9bedc4bc023a7405ac78427926018be
SHA256
e7bb7122ac1ee7e925ac8473490fa3a65126b10c19b8dd1abdc662dc46c712f9
SHA512
3a850e9fbf0e28f8810c114611d18014fcf6a794324e74c802beac35f4ffcb2f97dc746c9c1c18b44cb59fc19dbc2d68739dc667c080058c7548e756e2500c0a
-
Filesize
2KB
MD5
22cab22e980fb93ffcdf02fa812f18d9
SHA1
b0bb8cdcad0e5269fae8551fbd52f07d3d89d112
SHA256
2af69956339b52d5c61bfbcb0458f865c409646351978f6db8b403055c44e4f5
SHA512
e2cad8a629dac8a8ed66b066465944fc884044f3bc16abab61c20e6046256ce6dde8b6b5326f59f6caff7bf7c0c003b4891e6a445be1f2c5b04ba3cee5ec108f
-
Filesize
2KB
MD5
42dfdbc2b40a662ae1b1b851161c1d14
SHA1
029494461e1b313273631c73bac8e26af1112e80
SHA256
0fdc798230b3a99eba895415ce38f1aecf3d00fc049e50e1df50f117c2a11dde
SHA512
e2227e03d1a78bbd80ef5460e0c24d7d4074005a709764ac0358061856aca811276e82ac79409aec46bf0024d6eb97f375805a7de5158977d287233b5fecc5c6
-
Filesize
111B
MD5
285252a2f6327d41eab203dc2f402c67
SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5
a2919e64d91d2288bf8731262330d36a
SHA1
56dba46c6b321c51880d075a53f093886f362213
SHA256
e3916d87ae1b15462cb9175ce6940db5d1fd22f9e75db6e9aab72930c6b8b445
SHA512
da7eca582fa77189cdb5aaef0e5f438c3f7fde4998b27b569083813bc4d642ba12473a23bf1bf6a6492d7297b316535bec7270356cfba89d0622e93652ce8edd
-
Filesize
6KB
MD5
3ea9988841822b1f2c8bce953a632d1c
SHA1
e0d2ed68b40981f726b677027ae75b3a3abc9761
SHA256
86db3e7ad8048b6832f65d5dc5058c9ab25fcdc2063266636474525bd08d591c
SHA512
de0da2103de94dbe86ecedbc911199db45e31921ebbcb40ed94dd7131c6c3d7210016e8f45e46074568e49134f90ed2c6467c4a1cf6d270d14064e87cdfed8ac
-
Filesize
10KB
MD5
d91f736f861000edbc1f29802c6bd176
SHA1
d9ae0edc613908b155a6358a5eab5bc02fc062e2
SHA256
a0a7efbe2be8b3a5d9b991a0e76c8bf4f3a163d8cab37a07e1df5807208d49ef
SHA512
1db2f91e1f568e3b3a0f59446bcd6fb8b1c8f7185be1efebe399c678b22f2d3cc858dc8ee203aa4ff65414da548d80290209609677e953460bea2f8d8390c1d8