Analysis
- max time kernel: 145s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/06/2024, 07:59

Static task: static1
Behavioral task: behavioral1
- Sample: 9108abea70eace44b5d31a8d001df03a_JaffaCakes118.html
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 9108abea70eace44b5d31a8d001df03a_JaffaCakes118.html
- Resource: win10v2004-20240508-en

General
- Target: 9108abea70eace44b5d31a8d001df03a_JaffaCakes118.html
- Size: 176KB
- MD5: 9108abea70eace44b5d31a8d001df03a
- SHA1: 06e3f95bca246d519e2ccfcc8e195feb9419eb4a
- SHA256: 723581f9d33d2570caed7e85e2d4444bc04ea37318469b890344c3f755296dc8
- SHA512: 9cd51bfa5aeee3840daf42a2c38c70cd61dd38f8b8c78a667cd369ddaa2dc613031d020cdd8509769daf339666b7b8175f5ed757a55f7980436e1aca93db2c3f
- SSDEEP: 3072:bvzNxh1egRCtBmIZNO77eKQwyyJyc97PGMqjGNGaee+CYKQq2Nm3e2S432F8JQEv:bvzNxh1egRCtBmIZNO77eKQwyyJyc97x
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  1856 | msedge.exe (2 entries)
  3364 | msedge.exe (2 entries)
  1120 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid | Process
  3364 | msedge.exe (3 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3364 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3364 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, one row per target PID)
  description | pid | Process | procid_target
  PID 3364 wrote to memory of 228 | 3364 | msedge.exe | 83
  PID 3364 wrote to memory of 2012 | 3364 | msedge.exe | 84
  PID 3364 wrote to memory of 1856 | 3364 | msedge.exe | 85
  PID 3364 wrote to memory of 2620 | 3364 | msedge.exe | 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3364)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9108abea70eace44b5d31a8d001df03a_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  - msedge.exe (PID 2012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  - msedge.exe (PID 1856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  - msedge.exe (PID 1648)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - msedge.exe (PID 3464)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - msedge.exe (PID 3652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  - msedge.exe (PID 1120)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 5048)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 940)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads