Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:53
Static task: static1
Behavioral task: behavioral1
  Sample: 9130a3346a4d05d5cf7e3c71bdf04aa0_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 9130a3346a4d05d5cf7e3c71bdf04aa0_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 9130a3346a4d05d5cf7e3c71bdf04aa0_JaffaCakes118.html
Size: 218KB
MD5: 9130a3346a4d05d5cf7e3c71bdf04aa0
SHA1: 5553023050997b50118ddeb2d3d08b8327b279c4
SHA256: 2451db0018a6e32f383ad0860d24342e1941cd9520a40c40006fcd835f65ec1f
SHA512: aebe00f9980760eaff02d284fb6276672e82690eb2a4633dab09ef26f2517fac72bf08341efe91b121fb64f2a1efa445c73f3a6e7089866a97db8939a89b0d8d
SSDEEP: 3072:SPpSBOCVn4wLpyfkMY+BES09JXAnyrZalI+YQ:SP0sG4OMsMYod+X3oI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid 3380 msedge.exe (2 hits), pid 660 msedge.exe (2 hits), pid 2360 msedge.exe (4 hits)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 660 msedge.exe (2 hits)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 660 msedge.exe (25 hits)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid 660 msedge.exe (24 hits)
Suspicious use of WriteProcessMemory (64 IoCs; one row shown per target process, each repeated in the original listing)
  description                        pid   Process      procid_target
  PID 660 wrote to memory of 4252    660   msedge.exe   83
  PID 660 wrote to memory of 1748    660   msedge.exe   84
  PID 660 wrote to memory of 3380    660   msedge.exe   85
  PID 660 wrote to memory of 1928    660   msedge.exe   86
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9130a3346a4d05d5cf7e3c71bdf04aa0_JaffaCakes118.html
  PID: 660
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa80746f8,0x7fffa8074708,0x7fffa8074718
    PID: 4252
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    PID: 1748
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    PID: 3380
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
    PID: 1928
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 5020
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 1892
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1373048790649235861,6489744835909488410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 /prefetch:2
    PID: 2360
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3656
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3412
Network
MITRE ATT&CK Enterprise v15
Downloads