Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:01
Static task: static1
Behavioral task: behavioral1
  Sample: 910a8319e5a122f5c0e717a514586b2d_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 910a8319e5a122f5c0e717a514586b2d_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 910a8319e5a122f5c0e717a514586b2d_JaffaCakes118.html
Size: 9KB
MD5: 910a8319e5a122f5c0e717a514586b2d
SHA1: 60a06542fffc257ff35c87c0125e8f94423c6cf0
SHA256: df238a4a2564e94fae01fbedd7ce5bccdc29f784616cf3041c33f2d7413e3bff
SHA512: 5ae921f59c55dfe011333f79f6196544635e4fd0a878c1802b8529faf2c50f67a82822563ea50cb735bdd598c6cbab76828231c992451ff46d5f8624c0759dd3
SSDEEP: 96:SfGd5wGiZC1APYHsDHObhjXbr14BMCHUyoPq9x6qST/bnGarpWDQYsk72nSkdQ/r:SfGd5oOd4BMCp8rbnGd3Rh/mArnG4
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
- PID 844 msedge.exe (2 rows)
- PID 3820 msedge.exe (2 rows)
- PID 4932 identity_helper.exe (2 rows)
- PID 4504 msedge.exe (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- PID 3820 msedge.exe (all 6 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 3820 msedge.exe (all 25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3820 msedge.exe (all 24 rows)
Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed to the distinct source/target pairs)
- PID 3820 msedge.exe wrote to memory of 1464 (procid_target 82)
- PID 3820 msedge.exe wrote to memory of 2344 (procid_target 83)
- PID 3820 msedge.exe wrote to memory of 844 (procid_target 84)
- PID 3820 msedge.exe wrote to memory of 3084 (procid_target 85)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3820)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910a8319e5a122f5c0e717a514586b2d_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1464, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb923946f8,0x7ffb92394708,0x7ffb92394718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2344, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 844, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3084, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4780, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1004, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3168, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4932, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3268, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4908, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1632, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3172, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4504, child of 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14823969111244957823,10193558363455300417,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4524)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 5044)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding