Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:00
Static task: static1
Behavioral task: behavioral1
  Sample: 910962a904592bd9517c46f0700b8c69_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 910962a904592bd9517c46f0700b8c69_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 910962a904592bd9517c46f0700b8c69_JaffaCakes118.html
Size: 27KB
MD5: 910962a904592bd9517c46f0700b8c69
SHA1: 0d237721425b3fae3d9515cf9c987539dbcdc8ba
SHA256: 0cda18b00cdb031868d0c4899ff0853b0ca2c167295d820452d203bf70cba6f5
SHA512: 01ea6013cc128b7038a31b21e55ddb0300cb6727230e81f2a12afaf66a99a6852c151ec5548e65c93a093cad197249298e8d6f36344992139061b68e6afaca9c
SSDEEP: 192:uwPgb5nUenQjxn5Q/bnQieKNntnQOkEntZ5nQTbnxnQ9ecGm601qIQl7MBqqnYnW:NQ/fZuiqbSEHw
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              IoCs
  2108  msedge.exe           2
  1700  msedge.exe           2
  3948  identity_helper.exe  2
  732   msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     IoCs
  1700  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     IoCs
  1700  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     IoCs
  1700  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 1700 wrote to memory of 2280  1700  msedge.exe  83  (2 IoCs)
  PID 1700 wrote to memory of 3864  1700  msedge.exe  84
  PID 1700 wrote to memory of 2108  1700  msedge.exe  85  (2 IoCs)
  PID 1700 wrote to memory of 3044  1700  msedge.exe  86
  Repeated identical entries have been collapsed; the writes to 3864 and 3044 account for the remaining 60 IoCs. Every write originates from PID 1700 (the msedge.exe browser process), and all four target PIDs appear in the process tree as msedge.exe children of 1700.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1700)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910962a904592bd9517c46f0700b8c69_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2108)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3948)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1888)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17236770894938732151,9993982065941650512,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 5076)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3736)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
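Every WriteProcessMemory IoC in this report has source PID 1700 (the msedge.exe browser process) and a target PID (2280, 3864, 2108 or 3044) that the process tree records as a direct child of 1700 launched with a Chromium `--type=` role. That pattern is the multi-process browser handing handles and configuration to the service processes it just spawned, not a write into a foreign process. The Python below is an added triage helper, not part of the sandbox report or of any sandbox product: it correlates the "wrote to memory of" lines with the process tree and only flags writes whose target is not a role-bearing browser child of the writer. The IoC lines and the process table are a constructed subset of this report, with command lines cut down to the relevant switches and one invented entry (PID 9999, notepad.exe) added to exercise the alert branch.

```python
"""Triage helper: decide whether a sandbox's 'PID A wrote to memory of B' IoCs are
routine parent-to-child process setup or something that needs a human look.

Added example, not part of the sandbox report. Sample data below is a constructed
subset of the report's IoCs and process tree plus one invented entry (PID 9999).
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple


class Proc(NamedTuple):
    ppid: Optional[int]   # parent PID as recorded by the sandbox, None if unknown
    image: str            # image file name
    cmdline: str          # abbreviated command line (constructed)


# Constructed: the four real (writer, target) pairs from the report, one line each
# (3864 twice to show counting), plus a fabricated write into a non-browser process.
IOC_TEXT = """
PID 1700 wrote to memory of 2280 1700 msedge.exe 83
PID 1700 wrote to memory of 3864 1700 msedge.exe 84
PID 1700 wrote to memory of 3864 1700 msedge.exe 84
PID 1700 wrote to memory of 2108 1700 msedge.exe 85
PID 1700 wrote to memory of 3044 1700 msedge.exe 86
PID 1700 wrote to memory of 9999 1700 msedge.exe 99
"""

# Constructed: parent/child relations and role flags taken from the report's process
# tree, command lines reduced to the switches the check needs. PID 9999 is invented.
PROCS: Dict[int, Proc] = {
    1700: Proc(None, "msedge.exe", "msedge.exe --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\910962a904592bd9517c46f0700b8c69_JaffaCakes118.html"),
    2280: Proc(1700, "msedge.exe", "msedge.exe --type=crashpad-handler /prefetch:7"),
    3864: Proc(1700, "msedge.exe", "msedge.exe --type=gpu-process --mojo-platform-channel-handle=2108 /prefetch:2"),
    2108: Proc(1700, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:3"),
    3044: Proc(1700, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:8"),
    9999: Proc(None, "notepad.exe", "notepad.exe"),  # invented, not in the report
}

# Images the report shows running out of the Edge application directory.
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}

IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
ROLE_RE = re.compile(r"--type=(\S+)")


def parse_write_iocs(text: str) -> List[Tuple[int, int]]:
    """Extract (writer_pid, target_pid) pairs; repeats are kept so they can be counted."""
    return [(int(src), int(dst)) for src, dst in IOC_RE.findall(text)]


def child_role(proc: Proc) -> Optional[str]:
    """The Chromium process role (--type=...) the process was launched with, if any."""
    m = ROLE_RE.search(proc.cmdline)
    return m.group(1) if m else None


def classify_write(src: int, dst: int, procs: Dict[int, Proc]) -> str:
    """'child-setup' when a browser process writes into its own freshly spawned
    --type= child (how Chromium passes handles and config to service processes);
    'review' for anything else: unknown PIDs, non-browser images, or targets the
    sandbox did not record as children of the writer."""
    writer = procs.get(src)
    target = procs.get(dst)
    if writer is None or target is None:
        return "review"
    if (target.ppid == src
            and writer.image in BROWSER_IMAGES
            and target.image in BROWSER_IMAGES
            and child_role(target) is not None):
        return "child-setup"
    return "review"


def triage(text: str, procs: Dict[int, Proc]) -> Dict[str, Dict[Tuple[int, int], int]]:
    """Collapse repeated IoCs per (writer, target) pair and bucket them by verdict."""
    buckets: Dict[str, Dict[Tuple[int, int], int]] = {"child-setup": {}, "review": {}}
    for pair, n in Counter(parse_write_iocs(text)).items():
        buckets[classify_write(pair[0], pair[1], procs)][pair] = n
    return buckets


if __name__ == "__main__":
    for label, pairs in triage(IOC_TEXT, PROCS).items():
        for (src, dst), n in sorted(pairs.items()):
            target = PROCS.get(dst)
            name = target.image if target else "<unknown>"
            role = child_role(target) if target else None
            print(f"{label:11} {src} -> {dst} {name} role={role} x{n}")
```

The rule keys on the parent link plus a `--type=` role rather than on the image name alone, so a same-image child launched without a role, or a target the sandbox never attributed to the writer, still ends up in the review bucket. In a real pipeline the process table would be loaded from the sandbox's process-tree export instead of being typed in.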
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
- Filesize: 6KB
  MD5: 6a8320736ae25e54343115f0215d576c
  SHA1: ed1b473fa596699baa7d19da34c08e787a041c73
  SHA256: e5cc38f85bbee0725c27bcb99de460ed2f5cf0e7247089353ebbea2ed23c2192
  SHA512: 87ef4b9e6253b79d854dd6e5160cbf0066e91c5614fbed9de20045ee5ca07415bfba3ac8d05651eb686c39cf735025e2c47589ad28dc9e2b6e7edc5ce4eb2e1f
- Filesize: 5KB
  MD5: 7f32c5715c0e08bd50b2f92879e544e0
  SHA1: 28c7ae0da8c192f69301a74978958284099391ad
  SHA256: 8acd29a7b0353f3a79bb55ec7c2f689397e1a41e9e1a6ac01cdb8688f9f2d030
  SHA512: d2ff8e0c5f17b079932e0db3ef72eeda4015879ad047ee5500bf3cfbd9b5528637517bcba423dd8dcb19b111e86500a921b4bda81ec71575e6cd3c49086dba24
- Filesize: 6KB
  MD5: 8ff303349bfe46c66a1b199a410932e7
  SHA1: 43639c74e4af9ba051ba17d1cf148e17d723e304
  SHA256: ea44cec5851bea84d5342cbbe170094b835b359cf0ab914654d834f0625c50a2
  SHA512: d7c5d28a41bb58e1c860985ab76b2afda9599327d2e74cdb00144a0287088d25428f06b3db68075af2a254fa91edd77ca239b78593708ab7c4b0a286e8f5f7c5
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: 2b35647d947ef19a45dbd7e35fca3378
  SHA1: 5ec8efe7c4000861d9468efe6fd3ba858581c414
  SHA256: 400c575a0beac2158ed1ef4ea1858ef03a56a320e35544ca0620a0f584f258d9
  SHA512: f26a78b11a81aa26c21b99d2eb9877b2c44efeeb57361323bfc3670506ed9f584e473cccf3fdd706624f0926c1d480e6750eb17c22beeeb4f70b993a6baf34f4