Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:03
Static task: static1
Behavioral task: behavioral1
  Sample: 910b777e87eacb4f1500185cf0de08c0_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 910b777e87eacb4f1500185cf0de08c0_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 910b777e87eacb4f1500185cf0de08c0_JaffaCakes118.html
Size: 217KB
MD5: 910b777e87eacb4f1500185cf0de08c0
SHA1: 7184bec1beac1334a07e4f6b018b2dbb84187b19
SHA256: c5c5a8136fbee8a72e39910651158a27695bd8b81195b7d9869c8dd3b6ff6549
SHA512: 51b40a2bb68d351b067a2f8de95ee974c11f7070db62f74d39f7f0bda69528ceca149721539185fd361632b60c3054f0d8ae583d88c966f5ba0f3985b44ed31c
SSDEEP: 3072:SVKojJ406OoHBqyfkMY+BES09JXAnyrZalI+YQ:S8ojinjBPsMYod+X3oI+YQ
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process     occurrences
  1312  msedge.exe  2
  2176  msedge.exe  2
  1328  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     occurrences
  2176  msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     occurrences
  2176  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     occurrences
  2176  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  Distinct entries; each row is repeated in the raw log, 64 events in total.
  description                       pid   Process     procid_target
  PID 2176 wrote to memory of 1284  2176  msedge.exe  82
  PID 2176 wrote to memory of 1516  2176  msedge.exe  83
  PID 2176 wrote to memory of 1312  2176  msedge.exe  84
  PID 2176 wrote to memory of 872   2176  msedge.exe  85
Processes
Process tree (indentation shows parent/child depth):

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2176)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910b777e87eacb4f1500185cf0de08c0_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e5e046f8,0x7ff9e5e04708,0x7ff9e5e04718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3734432338483452699,3110665614347382375,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3734432338483452699,3110665614347382375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3734432338483452699,3110665614347382375,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3734432338483452699,3110665614347382375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2696)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3734432338483452699,3110665614347382375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1328)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3734432338483452699,3110665614347382375,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 528)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3912)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding