Analysis
Max time kernel: 145s
Max time network: 126s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 03/06/2024, 08:02
Static task: static1
Behavioral task: behavioral1
  Sample: 910b294de5e6c54f03894bc575b3556c_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 910b294de5e6c54f03894bc575b3556c_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 910b294de5e6c54f03894bc575b3556c_JaffaCakes118.html
Size: 22KB
MD5: 910b294de5e6c54f03894bc575b3556c
SHA1: ed6cda6473cd216b227eaef2a93da5e408004e70
SHA256: 3ff50a800befd0b97479cd462904752f1d11e9a5af069a5ee49660552e23b8e1
SHA512: 0efce2bf95a0a68ddb5f98c6505f706ad68ac974c9ba9d29d7236d70056854a2dd42a5ba9f3a930281b3ce553219de8c047f5b842aeec8ceea4808470ede02bb
SSDEEP: 192:RsXoVsAb5nDnQjLntQ/UnQieCnonQOkrntWZnQTbnQnQwR4SnQNjMmnFnQ7XnDn7:WXoSjQ/VNV
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1148 msedge.exe
  PID 1148 msedge.exe
  PID 2992 msedge.exe
  PID 2992 msedge.exe
  PID 2708 identity_helper.exe
  PID 2708 identity_helper.exe
  PID 1192 msedge.exe
  PID 1192 msedge.exe
  PID 1192 msedge.exe
  PID 1192 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID 2992 msedge.exe
  PID 2992 msedge.exe
  PID 2992 msedge.exe
  PID 2992 msedge.exe
  PID 2992 msedge.exe
  PID 2992 msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs, all PID 2992 msedge.exe)
Suspicious use of SendNotifyMessage (24 IoCs, all PID 2992 msedge.exe)
Suspicious use of WriteProcessMemory (64 IoCs, all from PID 2992 msedge.exe to its child processes)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 2992
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910b294de5e6c54f03894bc575b3556c_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 3452
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82fd46f8,0x7ffa82fd4708,0x7ffa82fd4718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 1256
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 1148
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 1000
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 3576
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 2960
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      PID: 5036
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1336 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      PID: 2708
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1336 /prefetch:8
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 3320
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 4424
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 620
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 4008
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 1192
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3013834679738200739,15591551109227879971,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe
  PID: 3784
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
  PID: 4928
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads