Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:02
Static task: static1
Behavioral task: behavioral1
  Sample: 910add793df19380606d61710decfd96_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 910add793df19380606d61710decfd96_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 910add793df19380606d61710decfd96_JaffaCakes118.html
Size: 4KB
MD5: 910add793df19380606d61710decfd96
SHA1: ebc010c7643fd396180646ced136dc1cfc8772b3
SHA256: f0d422c3e76e3fda66e2d77ba5f0a806ed5ca0b53a2a9c6e024a657294273633
SHA512: 09eb451832f6cdb4839c14a6466aacbbe3cefe6eb3aab14c6157156b6e5267082d58b2d1ca09de4c3d5cd95281c5d3a80424e335586ff2f86ca7872660e0ee7f
SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ooX/HIYA:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDE
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description          ioc                                                                    Process
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  2548   msedge.exe (2 entries)
  1500   msedge.exe (2 entries)
  3556   identity_helper.exe (2 entries)
  2956   msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  1500   msedge.exe (6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  1500   msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  1500   msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs; repeated identical rows collapsed)
  description                        pid    Process      procid_target
  PID 1500 wrote to memory of 744    1500   msedge.exe   85
  PID 1500 wrote to memory of 1616   1500   msedge.exe   86
  PID 1500 wrote to memory of 2548   1500   msedge.exe   87
  PID 1500 wrote to memory of 4324   1500   msedge.exe   88
Processes
msedge.exe (PID:1500)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910add793df19380606d61710decfd96_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  msedge.exe (PID:744)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
  msedge.exe (PID:1616)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  msedge.exe (PID:2548)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  msedge.exe (PID:4324)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  msedge.exe (PID:4088)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  msedge.exe (PID:2332)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  identity_helper.exe (PID:2488)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  identity_helper.exe (PID:3556)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  msedge.exe (PID:2324)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  msedge.exe (PID:1504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  msedge.exe (PID:1964)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  msedge.exe (PID:4944)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  msedge.exe (PID:2956)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8132684567016580126,1810820710258346316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2924 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
CompPkgSrv.exe (PID:1644)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
CompPkgSrv.exe (PID:3084)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads