Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:04
Static task: static1
Behavioral task: behavioral1
  Sample: 910c7d19b50611be17e4c134a36e387c_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 910c7d19b50611be17e4c134a36e387c_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 910c7d19b50611be17e4c134a36e387c_JaffaCakes118.html
Size: 143KB
MD5: 910c7d19b50611be17e4c134a36e387c
SHA1: dae246a40677a822fdb77b8e43d3970997d2f2ab
SHA256: 78bc8540b8ec41e76beca7097b4cb0fb862517c15f32dc45149c7f6fc7bb45ba
SHA512: a9fc7d18822b9c7114c4b79a6e52255d82f502a51259e70558e7207b0a8fcc9664fea791fc65e2bfe6437f3b07529569bf9797680daa66d969027dd7ab115911
SSDEEP: 1536:ca6gVKWxkapWixynHf2xXBHD6tSZE7b+gG1nO0lnr/6nX+Nn4XHnlNlnlGrnzxvN:dxkapWixyn/2/E7bwmwwY
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  3240  msedge.exe
  2724  msedge.exe
  2064  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  2724  msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2724  msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2724  msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 2724 wrote to memory of 3044  2724  msedge.exe  83
  PID 2724 wrote to memory of 4144  2724  msedge.exe  84
  PID 2724 wrote to memory of 3240  2724  msedge.exe  85
  PID 2724 wrote to memory of 1940  2724  msedge.exe  86
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2724)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910c7d19b50611be17e4c134a36e387c_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3044)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff9278146f8,0x7ff927814708,0x7ff927814718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4144)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,3021084503710566411,16064638404417318730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3240)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,3021084503710566411,16064638404417318730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1940)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,3021084503710566411,16064638404417318730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2276)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3021084503710566411,16064638404417318730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1248)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3021084503710566411,16064638404417318730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2064)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,3021084503710566411,16064638404417318730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2080)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 908)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads