Analysis

max time kernel: 145s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:01
Static task: static1

Behavioral task: behavioral1
  Sample: 9109dcfe7c35b11dff72e5ce7a2a11e6_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 9109dcfe7c35b11dff72e5ce7a2a11e6_JaffaCakes118.html
  Resource: win10v2004-20240426-en

The signatures, process tree and downloads below come from behavioral2 (the platform and resource fields above name the win10v2004-20240426-en image); the win7 run is not shown on this page.
General

Target: 9109dcfe7c35b11dff72e5ce7a2a11e6_JaffaCakes118.html
Size: 23KB
MD5: 9109dcfe7c35b11dff72e5ce7a2a11e6
SHA1: 85dbaaa3d09ba1e1fa58767badaef889b068f47c
SHA256: e97831d0258fbb066445aaf52a8f14e5c17121b0f48eca6e48b6f53aa093c64f
SHA512: 567e6d8cba45d3dd5d9611e53cae83b3367caacc8f03cac4c1f4c4adf4ad3e7282d14b4498a268581192c95725a721532cd3a87cf32c4055a95d124d2c95d227
SSDEEP: 192:uWjYb5nFWnQjxn5Q/gnQieDNn2nQOkEnts+nQTbnxnQlCnQt7wMBjqnYnQ7tn4Y5:4Q/2lxi
Malware Config
(none extracted)

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                      process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe

  Note: this signature fires on any read of the BIOS manufacturer/product keys. VM-detection code reads them, but so does a lot of ordinary software, and here the reader is the Edge browser process, not the HTML sample's own code (web content cannot query the registry). Treat it as low-signal unless the sample's JavaScript or the Network section shows something that depends on the result.
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid     process                 records
  2904    msedge.exe              2
  2512    msedge.exe              2
  1760    identity_helper.exe     2
  452     msedge.exe              4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid     process       records
  2512    msedge.exe    6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid     process       records
  2512    msedge.exe    25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid     process       records
  2512    msedge.exe    24
Suspicious use of WriteProcessMemory (64 IoCs)
  Every record has the form "PID <parent> wrote to memory of <child> <parent> <image> <procid_target>", and every record on this page has parent 2512 (msedge.exe). Collapsed by child:

  parent pid   child pid   image         procid_target   records
  2512         4640        msedge.exe    82              2
  2512         3144        msedge.exe    83              40
  2512         2904        msedge.exe    84              2
  2512         2548        msedge.exe    85              20

  Note: a parent writing into a child it has just created is how process spawning shows up under this signature, and the children here are the browser's own crashpad handler (4640), GPU process (3144), network service (2904) and storage service (2548) from the process tree below. The table stops at 64 records, so the later children in the process tree (the renderers, identity_helper.exe and the second GPU process) do not appear in it.
Processes
(indentation shows parent/child; the sandbox's depth markers are rendered as nesting)

- msedge.exe, PID 2512 (browser process)
  image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9109dcfe7c35b11dff72e5ce7a2a11e6_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - msedge.exe, PID 4640 (crashpad-handler)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d7846f8,0x7ff84d784708,0x7ff84d784718

  - msedge.exe, PID 3144 (gpu-process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

  - msedge.exe, PID 2904 (utility: network.mojom.NetworkService, service-sandbox-type=none)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe, PID 2548 (utility: storage.mojom.StorageService, service-sandbox-type=utility)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1980 /prefetch:8

  - msedge.exe, PID 2176 (renderer, client id 6)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  - msedge.exe, PID 3616 (renderer, client id 5)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

  - identity_helper.exe, PID 3696 (utility: winrt_app_id.mojom.WinrtAppIdService, service-sandbox-type=none)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:8

  - identity_helper.exe, PID 1760 (utility: winrt_app_id.mojom.WinrtAppIdService, service-sandbox-type=none; same command line as PID 3696)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe, PID 1656 (renderer, client id 8)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

  - msedge.exe, PID 4228 (renderer, client id 9, instant-process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

  - msedge.exe, PID 2012 (renderer, client id 10)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

  - msedge.exe, PID 4044 (renderer, client id 11, instant-process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

  - msedge.exe, PID 452 (gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3956459933457240684,12697264733215511275,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

- CompPkgSrv.exe, PID 4028 (COM-activated, not a child of msedge.exe)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- CompPkgSrv.exe, PID 5084 (COM-activated, not a child of msedge.exe)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
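The tree above is the ordinary Chromium-style layout: one browser process (2512), a crashpad handler, a GPU process, network and storage utility services, a set of renderers, and the Edge identity helper. The one detail worth pulling out of it is which children run with a reduced sandbox: the network service (2904) and identity_helper.exe (3696, 1760) run with --service-sandbox-type=none, the second GPU process (452) with --disable-gpu-sandbox, and every renderer with --no-v8-untrusted-code-mitigations. Those switches are set by the browser process when it launches the child, not by the HTML being rendered, so they describe the environment the sample ran in rather than anything the sample did; they still matter when judging what a renderer compromise could have reached. The script below, an added example that is not part of this report or of the sandbox's tooling, parses the WriteProcessMemory records into a spawn map and the command lines into per-process type and sandbox information, then cross-checks the two. It assumes the record format shown in this report's tables and embeds abridged copies of the report's own lines as sample input (long switches such as --gpu-preferences and --field-trial-handle are left out); the function names are the example's own.

```python
import re
from collections import defaultdict

# Added triage helper for Chromium/Edge sandbox reports; not part of the report
# or of the sandbox's tooling. Sample inputs are abridged copies of this
# report's own tables; long switches such as --gpu-preferences are omitted.

# Records from the "Suspicious use of WriteProcessMemory" table:
# "PID <parent> wrote to memory of <child> <parent> <image> <procid_target>".
WPM_IOCS = """\
PID 2512 wrote to memory of 4640 2512 msedge.exe 82
PID 2512 wrote to memory of 4640 2512 msedge.exe 82
PID 2512 wrote to memory of 3144 2512 msedge.exe 83
PID 2512 wrote to memory of 3144 2512 msedge.exe 83
PID 2512 wrote to memory of 3144 2512 msedge.exe 83
PID 2512 wrote to memory of 2904 2512 msedge.exe 84
PID 2512 wrote to memory of 2904 2512 msedge.exe 84
PID 2512 wrote to memory of 2548 2512 msedge.exe 85
PID 2512 wrote to memory of 2548 2512 msedge.exe 85
"""

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'

# PID -> command line, abridged from the Processes section of the report.
PROCESSES = {
    2512: EDGE + r' --single-argument C:\Users\Admin\AppData\Local\Temp\9109dcfe7c35b11dff72e5ce7a2a11e6_JaffaCakes118.html',
    4640: EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    3144: EDGE + ' --type=gpu-process --mojo-platform-channel-handle=2140 /prefetch:2',
    2904: EDGE + ' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3',
    2548: EDGE + ' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility /prefetch:8',
    2176: EDGE + ' --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1',
    1760: HELPER + ' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8',
    452: EDGE + ' --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 /prefetch:2',
}

WPM_RE = re.compile(
    r"PID (?P<parent>\d+) wrote to memory of (?P<child>\d+) "
    r"(?P=parent) (?P<image>\S+) (?P<target>\d+)"
)
# A token is either a double-quoted run (paths with spaces) or a run of non-space.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')
# Switches that remove or weaken a Chromium process sandbox.
SANDBOX_WEAKENING = ("no-sandbox", "disable-gpu-sandbox", "no-v8-untrusted-code-mitigations")


def spawn_tree(text):
    """Collapse WriteProcessMemory IoC lines into {parent: {child: record_count}}."""
    tree = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            tree[int(m["parent"])][int(m["child"])] += 1
    return {parent: dict(kids) for parent, kids in tree.items()}


def parse_switches(cmdline):
    """Return {switch: value} for every --switch[=value]; quoted switches are unwrapped."""
    switches = {}
    for tok in TOKEN_RE.findall(cmdline):
        tok = tok.strip('"')
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            switches[name] = value
    return switches


def classify(pid, cmdline):
    """Describe one process: its --type, utility sub-type and any sandbox weakening."""
    sw = parse_switches(cmdline)
    weakened = [s for s in SANDBOX_WEAKENING if s in sw]
    if sw.get("service-sandbox-type") == "none":
        weakened.append("service-sandbox-type=none")
    return {
        "pid": pid,
        "type": sw.get("type", "browser"),  # the browser process carries no --type
        "subtype": sw.get("utility-sub-type", ""),
        "weakened": weakened,
    }


def triage(processes):
    return {pid: classify(pid, cmd) for pid, cmd in processes.items()}


def unsandboxed(processes):
    """PIDs running with a disabled or weakened sandbox, sorted."""
    return sorted(pid for pid, info in triage(processes).items() if info["weakened"])


def unexplained_children(tree, processes):
    """Children the parent wrote into that have no command line in the process tree."""
    return sorted(c for kids in tree.values() for c in kids if c not in processes)


if __name__ == "__main__":
    tree = spawn_tree(WPM_IOCS)
    for parent, kids in tree.items():
        print(f"{parent} spawned {sorted(kids)} ({sum(kids.values())} records)")
    for info in triage(PROCESSES).values():
        print(f"{info['pid']:>5} {info['type']:<16} {info['subtype']:<42} {info['weakened']}")
    print("unsandboxed:", unsandboxed(PROCESSES))
    print("unexplained children:", unexplained_children(tree, PROCESSES))
```

unexplained_children is the check that actually earns its keep on a report like this: a PID that the browser process wrote into but that has no entry in the process tree is either a truncation artifact (as with the 64-record cap here) or something that deserves a closer look. On a run where the signature table is complete, it should return an empty list.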
Network
(no entries on this page)

MITRE ATT&CK Enterprise v15
(the technique list is not included on this page; the registry signature above reports 2 TTPs)
Downloads
(files the sandbox collected from disk during the run; no paths or names are given on this page, so they cannot be tied to a specific Edge profile or cache file from this extract alone)

1. 152B
   MD5: 2daa93382bba07cbc40af372d30ec576
   SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
   SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
   SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

2. 152B
   MD5: ecdc2754d7d2ae862272153aa9b9ca6e
   SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
   SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
   SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

3. 5KB
   MD5: f86430cc688224df40a8c2d49aa38f50
   SHA1: fdc324f5d608f02f3ee6ec8ebb03dccdf551b7d2
   SHA256: aa2de673d96709531597d48636e1e6b26fe8a6bc665ca9ea4f4c33756d7991df
   SHA512: 046dbf2e30717ee8df575db8ad18937e2c580779a4ceea176f30dca06aa37e0192902baa27dacc44cc96864d40f059448085fdf19fd7d814c4235696ec16450c

4. 6KB
   MD5: ea9f279c66eafd9a736055f25ea9def4
   SHA1: af34e6bf976517088c89d07e4d0485997ee3fe04
   SHA256: 130b36b11d14b59045366ffe9ecaf3e26ac233b318978aec4cda6c4d4504e9da
   SHA512: 7aa29fd3916da11ec856af6765df0ef1042c192ff0ecc83ce8e7dc1c5c5be654ee18f705b97e3e6d230a5ab96b5d9de89e0c3715598f3de2cb7eee8ba71a0be1

5. 6KB
   MD5: f175c4a1070b4142591770c5d6310a44
   SHA1: 12ef6242aea8cb3db4bcd21ed2da997d5a05881a
   SHA256: 8aa87da7e66f59ede1a5f80d249ff0ff8037a78604f99afbcebc48487a645343
   SHA512: ba571280e9a268b26f2c95327b9aa8836b70106c7e0ffed66844516529f257a1d9acfcdd64f4fe69ff1d7e1d9ca205d6f6cdbbbd12483f36fe7f98024d7a55e8

6. 16B
   MD5: 6752a1d65b201c13b62ea44016eb221f
   SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
   SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
   SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

7. 10KB
   MD5: 81a56cf9968ce363bca7b546ac3decc4
   SHA1: d0775ddc5e126e05dcb8f0110ef671009175241d
   SHA256: 4b3494f6db5355d42220d373cd6bb254bc9353a565813b66bf06d242236c6dcf
   SHA512: 5956b2676bd9e27678aa12774a1c0e19d47854e7dc8f14764a37ad805aacf8b40d012ada839333293a06ca93bd401d50d94299df463fd75dfb8028b21409b81f