Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:49
Static task: static1
Behavioral task: behavioral1
  Sample: 912d48c47eaf458dbd400181be14c511_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2 (this report)
  Sample: 912d48c47eaf458dbd400181be14c511_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 912d48c47eaf458dbd400181be14c511_JaffaCakes118.html
Size: 18KB
MD5: 912d48c47eaf458dbd400181be14c511
SHA1: a54fdb7b71067a948461305f927197021c0af903
SHA256: 4bb1cbdab63e0ec946663e53e7a2c76f72f187ff43f893df401403ccfbfc14a8
SHA512: dd977a765f70a85100dfc822be0152a8d40ac6e07b930c35cc36e1d2551fa9c230cd425ba7c89dbf73fc446f72ce2f74ffcc3c9fe8ba284de4390c89848f228f
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIS48zUnjBhga82qDB8:SIMd0I5nvHLsvgZxDB8
Malware Config
Signatures
Every signature below fires on msedge.exe processes spawned to render the sample, and each one matches the normal startup of a Chromium-based browser: a browser process that launches and initialises its crashpad, GPU, utility and renderer children. On their own they are not evidence that the HTML did anything; the process tree in this report contains nothing besides Edge and two instances of the Windows CompPkgSrv.exe started through COM activation (-Embedding).
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Note: the BIOS SystemManufacturer/SystemProductName strings are a classic virtual-machine check, but they are also read by legitimate software (Chromium reads exactly these two values for its hardware model information), so this query coming from the browser process is expected here rather than a sign of sandbox evasion by the sample.
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   process     count
  1820  msedge.exe  2
  1976  msedge.exe  2
  4996  msedge.exe  4
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process     count
  1976  msedge.exe  2
-
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     count
  1976  msedge.exe  25
-
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     count
  1976  msedge.exe  24
Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 records have the same writer, PID 1976 (msedge.exe, the browser process), and one of four targets, each of them a child msedge.exe that PID 1976 launched; the report lists a record once per call. Distinct records:
  description                        pid   process     procid_target
  PID 1976 wrote to memory of 1860   1976  msedge.exe  82
  PID 1976 wrote to memory of 3624   1976  msedge.exe  83
  PID 1976 wrote to memory of 1820   1976  msedge.exe  84
  PID 1976 wrote to memory of 5092   1976  msedge.exe  85
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1976)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912d48c47eaf458dbd400181be14c511_JaffaCakes118.html
  signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  children:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1860)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86ae746f8,0x7ff86ae74708,0x7ff86ae74718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3624)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6381431364341750037,16998290036133126601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1820)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6381431364341750037,16998290036133126601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      signatures:
        - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5092)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6381431364341750037,16998290036133126601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2488)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6381431364341750037,16998290036133126601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3020)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6381431364341750037,16998290036133126601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4996)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6381431364341750037,16998290036133126601,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
      signatures:
        - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 4756)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 3236)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
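The WriteProcessMemory records in this report are what a Chromium-based browser produces when its browser process launches and bootstraps sandboxed children, so the triage question is whether every write goes from the browser process into a child of the same image that carries a recognised --type flag. The Python below is an added example, not part of the sandbox report or of any tool it mentions: it parses a handful of records copied from the report, looks each target up in a PID table abbreviated from the process tree above (PID, image name, --type flag only), and labels each write as expected or worth a closer look. One extra record that targets CompPkgSrv.exe (PID 4756) is constructed for the example and does not appear in the report; it exercises the cross-image branch.

```python
import re
from collections import Counter

# Records copied from the "Suspicious use of WriteProcessMemory" section of the
# report (a subset; duplicates kept because the per-target call count is itself
# a useful signal).
REPORT_WRITES = """\
PID 1976 wrote to memory of 1860 1976 msedge.exe 82
PID 1976 wrote to memory of 1860 1976 msedge.exe 82
PID 1976 wrote to memory of 3624 1976 msedge.exe 83
PID 1976 wrote to memory of 3624 1976 msedge.exe 83
PID 1976 wrote to memory of 3624 1976 msedge.exe 83
PID 1976 wrote to memory of 1820 1976 msedge.exe 84
PID 1976 wrote to memory of 5092 1976 msedge.exe 85
PID 1976 wrote to memory of 5092 1976 msedge.exe 85
"""

# CONSTRUCTED record, not present in the report: the browser process writing
# into CompPkgSrv.exe (PID 4756) would be a cross-image write.
CONSTRUCTED_WRITE = "PID 1976 wrote to memory of 4756 1976 msedge.exe 90\n"

# PID -> (image name, Chromium --type flag or None), abbreviated from the
# "Processes" section of the report.
PROCESSES = {
    1976: ("msedge.exe", None),               # browser process, opened the .html
    1860: ("msedge.exe", "crashpad-handler"),
    3624: ("msedge.exe", "gpu-process"),
    1820: ("msedge.exe", "utility"),          # network.mojom.NetworkService
    5092: ("msedge.exe", "utility"),          # storage.mojom.StorageService
    2488: ("msedge.exe", "renderer"),
    3020: ("msedge.exe", "renderer"),
    4996: ("msedge.exe", "gpu-process"),
    4756: ("CompPkgSrv.exe", None),
    3236: ("CompPkgSrv.exe", None),
}

# Child process types the Chromium browser process launches itself and writes
# into while bootstrapping them (the sandbox records that as WriteProcessMemory).
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
RECORD = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")


def parse_writes(text):
    """Return (writer_pid, target_pid, writer_image) tuples, one per record."""
    out = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            out.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return out


def classify(writer_pid, target_pid, processes=PROCESSES):
    """Label one write as expected browser->child bootstrap or as something to investigate."""
    writer = processes.get(writer_pid)
    target = processes.get(target_pid)
    if target is None:
        return "investigate: target PID not in process tree"
    if writer is None:
        return "investigate: writer PID not in process tree"
    if writer[0] != target[0]:
        return "investigate: cross-image write (%s -> %s)" % (writer[0], target[0])
    if target[1] in CHROMIUM_CHILD_TYPES:
        return "expected: Chromium browser process -> %s child" % target[1]
    return "investigate: same image but not a recognised child type"


def triage(text, processes=PROCESSES):
    """Group records by target PID; return {target_pid: (call_count, label)}."""
    counts = Counter()
    labels = {}
    for writer, target, _image in parse_writes(text):
        counts[target] += 1
        labels[target] = classify(writer, target, processes)
    return {pid: (counts[pid], labels[pid]) for pid in counts}


if __name__ == "__main__":
    for pid, (n, label) in sorted(triage(REPORT_WRITES + CONSTRUCTED_WRITE).items()):
        print("target %5d  %2d write(s)  %s" % (pid, n, label))
```

Fed the full 64 records from the report, every target resolves to an msedge.exe child with a recognised --type, which is the "expected" outcome; the same script would flag a write into a process of a different image, or into a PID that never appears in the tree, which is the pattern worth pulling the memory dump for.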
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5: ce4c898f8fc7601e2fbc252fdadb5115
SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize: 152B
MD5: 4158365912175436289496136e7912c2
SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9d587aba-dbe5-4258-8932-5875ec87ddb7.tmp
Filesize: 6KB
MD5: 3b811b6f72d615b7c85b7b3f5711dc25
SHA1: d4f720c6aaa8296e1e889075b48b329d24e7bb9a
SHA256: fe6eb3a604cebd49a567587a02445fae6fbab491bb4ff6e7719c0b1e15ae445e
SHA512: fe9737487e95f7d44dfe29c6810d77ca2484b65d559f11593ab99b23a39b1a80f9ab700e0bc702a0ea912c27cc96a779134863248a9fd3e92583aadc22708142
-
Filesize: 5KB
MD5: e4fb6c7b87dfa0c06d28b3a467130b52
SHA1: 01eef2df7dc76e31f605c7e81582c2c697a32948
SHA256: b8567bf385f7dfa907cf44f83fbb21d6b445a3b2361850d300f447bd2cb48661
SHA512: e1341cb61da9c3c15f136816f479a73361768b34f8b047429f2dd599866cefd2164f1f38d2bc239530155ae120e23a69e71426d720d4c85a9967d2da833cbdb1
-
Filesize: 6KB
MD5: 2094761b7483a72437b571fcf8a965c9
SHA1: 5f10637ed8c0203ffce6b3773489273beb39891b
SHA256: 479a3f3cdbab3100e56c1be9ac18afc77ea9314092ebe44e262d57b5a1be0e84
SHA512: b5d6ecb3e4016a056477a13c9f822d1af95a0e61ae24be5867ab5b3dc9276c3cbcbb8643664bf2e3c69e998656e46220c95985a9ee152d3187c118fdcdff88c2
-
Filesize: 11KB
MD5: 412690fab6713f93b392847c5de19737
SHA1: 03529193612eec89493828dca732149656920085
SHA256: 7236d232c70fd0dbb4ead2fdc97ed4867c74e99b36b20784c3d6448ebe89e724
SHA512: f1e0bbd468739f264851c2bf75b5843a0ec45c847347c4e840c71c8069b248d9ee8dd7ee70a31845041936128f903796f07e6e7a6ab7015aa2aeae832267c3a0