Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/06/2024, 08:05
Static task: static1
Behavioral task: behavioral1
- Sample: 910d4441b7972da4124bdd0d6bde3878_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 910d4441b7972da4124bdd0d6bde3878_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 910d4441b7972da4124bdd0d6bde3878_JaffaCakes118.html
- Size: 74KB
- MD5: 910d4441b7972da4124bdd0d6bde3878
- SHA1: 6e852c2ddc5f047d2178dd1f887502ad5d9bedb0
- SHA256: eb8377c6573992d5572ba70c62659ab1cc39ec6b5c0283671c3605c1ac50ba8e
- SHA512: d47fd1c4bd0df0e858bde0406ae63c1bd61b4ecc551124dcd3c839a67ed862aa3ee85af2ace36c1e144e6430467e3b9f50b2dce65ec8ddcddcd79fc059161a7c
- SSDEEP: 1536:imu4hjYkrRh9rYYYRtY18YYYNYYYnIz7hYVnXesryyFOowU/EYYlHY6UYXAY58YB:imu4hjYkrRh9YYYRtY18YYYNYYYnIz79
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4316  msedge.exe
  4316  msedge.exe
  4324  msedge.exe
  4324  msedge.exe
  4188  identity_helper.exe
  4188  identity_helper.exe
  2396  msedge.exe
  2396  msedge.exe
  2396  msedge.exe
  2396  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  4324  msedge.exe  (7 identical rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4324  msedge.exe  (25 identical rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4324  msedge.exe  (24 identical rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4324)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910d4441b7972da4124bdd0d6bde3878_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 912)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff85d2746f8,0x7ff85d274708,0x7ff85d274718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4924)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4316)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1704)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2012 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4336)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1912)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2456)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4092)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4188)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3520)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4904)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2396)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13726550939629078200,1438116659461956781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4948)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2916)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3644)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads