Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 10:40
Static task: static1
Behavioral task: behavioral1 (sample: 9179fc93ffe16ec56307bc20dd22bb64_JaffaCakes118.html, resource: win7-20240221-en)
Behavioral task: behavioral2 (sample: 9179fc93ffe16ec56307bc20dd22bb64_JaffaCakes118.html, resource: win10v2004-20240426-en)
The signatures, process tree and downloads below are from behavioral2, the windows10-2004_x64 run named in the Analysis header.
General
Target: 9179fc93ffe16ec56307bc20dd22bb64_JaffaCakes118.html
Size: 8KB
MD5: 9179fc93ffe16ec56307bc20dd22bb64
SHA1: 1e169e9a922c291039e40619e3c7c968ae9d02cb
SHA256: be723103b74af2a8831596aa28e4cded3b14c5b3ad794bb4f211d141601ef665
SHA512: f74838ca87180ed0a84a116e18c32f1dc772f2fbddd45779eced124cef81ac650bc253b1001564262473a653fa19a25e60398c27e05f17da37196b1328f67d01
SSDEEP: 96:8Hd2ZC1AYjStXUIMfUiyU46ocV70/eqwp5t0niY90nn2XE7KpnvUotftFtNEEkdY:mdVjGpGoE0/eqgIZKnFu9FHPFkByv
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Note: SystemManufacturer and SystemProductName are the two BIOS values VM-detection code reads most often, but the reader here is the browser process itself (msedge.exe, PID 2800). Chromium reads these values for its own hardware reporting, so this signature is expected Edge behaviour and, on its own, no evidence that the HTML sample fingerprints the sandbox.

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   process
  1756  msedge.exe           (2 events)
  2800  msedge.exe           (2 events)
  1152  identity_helper.exe  (2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process
  2800  msedge.exe  (6 events)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  2800  msedge.exe  (25 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  2800  msedge.exe  (24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 2800 wrote to memory of 4976  2800  msedge.exe  81  (2 events)
  PID 2800 wrote to memory of 1320  2800  msedge.exe  82  (40 events)
  PID 2800 wrote to memory of 1756  2800  msedge.exe  83  (2 events)
  PID 2800 wrote to memory of 3952  2800  msedge.exe  84  (20 events)
  Note: every write is from the browser process (2800) into a child it has just launched (4976 crashpad handler, 1320 GPU process, 1756 network service, 3952 storage service; see Processes). That is consistent with Chromium's own child-process setup on Windows rather than injection into an unrelated process; it would only become interesting if a target PID belonged to something outside the Edge process tree.
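The six signature tables above arrive flattened onto one line each, which hides the first check worth doing on any extracted report: does the "N IoCs" in each header match the number of rows actually present? The parser below is an added example (mine, not the sandbox's own tooling) that splits the three table layouts seen above into records, reports header/row mismatches, aggregates the WriteProcessMemory rows into a writer-to-target map, and flags reads of registry values commonly used for VM fingerprinting. SAMPLE is a constructed excerpt in the same flattened form; its WriteProcessMemory block keeps the report's "64 IoCs" header but carries only five rows, so the mismatch check has something to catch. The format assumptions and the two fingerprint values beyond the report's own (SystemBiosVersion, VideoBiosVersion) are mine.

```python
"""Parse the flattened 'Signatures' tables of a sandbox report.

Added example, not the sandbox's own tooling. Assumed layout:
  * each signature is one header line '<name> [N TTPs] M IoCs' followed by one
    body line that begins with the flattened table's column header;
  * three body layouts occur, recognised by that column header.
"""
import re
from collections import Counter

HEADER_RE = re.compile(r"^(?P<name>.+?)(?:\s+(?P<ttps>\d+) TTPs)?\s+(?P<iocs>\d+) IoCs\s*$")
REGISTRY_RE = re.compile(r"(Key(?: value)? \w+)\s+(\\REGISTRY\\\S+)\s+(\S+\.exe)")
PID_RE = re.compile(r"(\d+)\s+(\S+\.exe)")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)\s+(\d+)\s+(\S+\.exe)\s+(\d+)")

# Registry values commonly read to fingerprint a VM. The two BIOS values are
# the ones in the report; the other two are well-known neighbours I added.
VM_FINGERPRINT_VALUES = {
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
}

# Constructed excerpt in the report's flattened form. The WriteProcessMemory
# body keeps the '64 IoCs' header but only five rows (deliberate truncation).
SAMPLE = r"""
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 1756 msedge.exe 1756 msedge.exe 2800 msedge.exe 2800 msedge.exe 1152 identity_helper.exe 1152 identity_helper.exe
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2800 wrote to memory of 4976 2800 msedge.exe 81 PID 2800 wrote to memory of 4976 2800 msedge.exe 81 PID 2800 wrote to memory of 1320 2800 msedge.exe 82 PID 2800 wrote to memory of 1756 2800 msedge.exe 83 PID 2800 wrote to memory of 3952 2800 msedge.exe 84
"""


def parse_signatures(text):
    """Return one dict per signature: name, ttps, declared IoC count, kind, rows, parsed."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected header/body line pairs")
    sigs = []
    for header, body in zip(lines[0::2], lines[1::2]):
        m = HEADER_RE.match(header)
        if not m:
            raise ValueError(f"not a signature header: {header!r}")
        sig = {"name": m["name"], "ttps": int(m["ttps"] or 0), "declared": int(m["iocs"])}
        if body.startswith("description pid Process procid_target"):
            sig["kind"] = "write_process_memory"
            sig["rows"] = [{"src": int(s), "dst": int(d), "process": p, "target_id": int(t)}
                           for s, d, _pid, p, t in WPM_RE.findall(body)]
        elif body.startswith("description ioc Process"):
            sig["kind"] = "registry"
            sig["rows"] = [{"action": a, "key": k, "process": p}
                           for a, k, p in REGISTRY_RE.findall(body)]
        elif body.startswith("pid Process"):
            sig["kind"] = "pid_list"
            sig["rows"] = [{"pid": int(pid), "process": p} for pid, p in PID_RE.findall(body)]
        else:
            raise ValueError(f"unknown table layout: {body[:40]!r}")
        sig["parsed"] = len(sig["rows"])
        sigs.append(sig)
    return sigs


def count_mismatches(sigs):
    """Signatures whose declared IoC count differs from the rows parsed;
    a truncated or mis-extracted table shows up here."""
    return {s["name"]: (s["declared"], s["parsed"]) for s in sigs if s["declared"] != s["parsed"]}


def child_writes(sigs):
    """Writer pid -> {target pid: number of WriteProcessMemory events}."""
    out = {}
    for s in sigs:
        if s["kind"] != "write_process_memory":
            continue
        for r in s["rows"]:
            out.setdefault(r["src"], Counter())[r["dst"]] += 1
    return {src: dict(c) for src, c in out.items()}


def vm_fingerprint_hits(sigs):
    """Sorted (key, process) pairs where a known VM-fingerprint value was read."""
    return sorted({(r["key"], r["process"]) for s in sigs if s["kind"] == "registry"
                   for r in s["rows"] if r["key"] in VM_FINGERPRINT_VALUES})


if __name__ == "__main__":
    parsed = parse_signatures(SAMPLE)
    for s in parsed:
        print(f"{s['name']}: declared={s['declared']} parsed={s['parsed']} kind={s['kind']}")
    print("mismatches:", count_mismatches(parsed))
    print("child writes:", child_writes(parsed))
    print("VM-fingerprint reads:", vm_fingerprint_hits(parsed))
```

On the SAMPLE the mismatch check returns only the truncated WriteProcessMemory block (declared 64, parsed 5); the two fingerprint hits are attributed to msedge.exe, which is exactly why the process column matters more than the key name when deciding whether a registry read is the sample's doing.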
Processes
Depth markers [1]/[2] are the report's 1⤵/2⤵ nesting levels; each [2] entry is a child of the preceding [1] entry.

[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2800
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9179fc93ffe16ec56307bc20dd22bb64_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4976
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc0446f8,0x7ffcfc044708,0x7ffcfc044718

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:1320
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:1756
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3952
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4304
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:5032
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID:5004
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID:1152
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4380
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4584
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:5068
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3672
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3144
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8253795171680948412,10611561821595868402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2

[1] C:\Windows\System32\CompPkgSrv.exe  PID:4208
    cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding

[1] C:\Windows\System32\CompPkgSrv.exe  PID:4908
    cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding
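The process list above is the raw extraction, with each entry's depth marker (1⤵/2⤵) and sometimes its PID fused onto the end of the command line. Rebuilding the tree makes two things quick to check: which children actually parse the page (the renderer processes) and which children Edge launched with a weakened sandbox, something visible only in the command-line flags (--service-sandbox-type=none, --disable-gpu-sandbox). The script below is an added example, not the sandbox's tooling or Microsoft's; its input-format assumptions are stated in the docstring, and SAMPLE is a constructed, shortened excerpt of the list above (field-trial handles and most flags dropped). The --no-sandbox check is my addition; that flag does not appear in this report.

```python
"""Rebuild a sandbox report's flattened 'Processes' list into a tree and flag
Chromium children launched with a weakened sandbox.

Added example, not the sandbox's own tooling. Assumed input format (as the
report renders it): '<image path><command line><depth>⤵[PID:<pid>]', each
optionally followed by '- <signature>' lines and a 'PID:<pid>' line; depth 1
is a root and depth n+1 is a child of the most recent depth-n process.
"""
import re
from dataclasses import dataclass, field

PROC_RE = re.compile(r"^(?P<image>.+?\.exe)(?P<cmd>.*?)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?\s*-?\s*$")
PID_RE = re.compile(r"^PID:(?P<pid>\d+)")
TOKEN_RE = re.compile(r'"[^"]*"|\S+')   # quoted chunk (may contain spaces) or bare word

# Constructed, shortened excerpt of the report's list, in its flattened form.
SAMPLE = r"""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9179fc93ffe16ec56307bc20dd22bb64_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2800 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler --annotation=plat=Win64 /prefetch:72⤵PID:4976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1756
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=1708 /prefetch:22⤵PID:3144
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:4304
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4208
"""


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: int = -1
    signatures: list = field(default_factory=list)
    children: list = field(default_factory=list)


def parse_process_tree(text):
    """Return the root Proc objects; children hang off .children in report order."""
    roots, by_depth, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        m = PROC_RE.match(line)
        if m:
            current = Proc(m["image"], m["cmd"].strip(), int(m["depth"]),
                           int(m["pid"]) if m["pid"] else -1)
            if current.depth == 1:
                roots.append(current)
            elif current.depth - 1 in by_depth:
                by_depth[current.depth - 1].children.append(current)
            else:
                raise ValueError(f"child without parent: {line[:60]!r}")
            by_depth[current.depth] = current
            continue
        m = PID_RE.match(line)
        if line.startswith("- ") and current:
            current.signatures.append(line[2:])
        elif m and current:
            current.pid = int(m["pid"])
        else:
            raise ValueError(f"unrecognised line: {line[:60]!r}")
    return roots


def walk(procs):
    for p in procs:
        yield p
        yield from walk(p.children)


def chromium_flags(cmdline):
    """'--name=value' -> {'--name': 'value'}; a bare '--flag' maps to True."""
    flags = {}
    for tok in TOKEN_RE.findall(cmdline):
        tok = tok.strip('"')
        if tok.startswith("--"):
            name, _, value = tok.partition("=")
            flags[name] = value if value else True
    return flags


def process_label(p):
    """'<image>:<--type>[/<--utility-sub-type>]', or just the image when there is no --type."""
    f = chromium_flags(p.cmdline)
    name = p.image.rsplit("\\", 1)[-1]
    kind = f.get("--type")
    if kind is None:
        return name
    sub = f.get("--utility-sub-type")
    return f"{name}:{kind}/{sub}" if sub else f"{name}:{kind}"


def sandbox_findings(roots):
    """(pid, label, reason) for every process whose flags weaken the Chromium sandbox."""
    findings = []
    for p in walk(roots):
        f = chromium_flags(p.cmdline)
        if f.get("--service-sandbox-type") == "none":
            findings.append((p.pid, process_label(p), "service-sandbox-type=none"))
        if "--disable-gpu-sandbox" in f:
            findings.append((p.pid, process_label(p), "--disable-gpu-sandbox"))
        if "--no-sandbox" in f:   # my addition; not present in this report
            findings.append((p.pid, process_label(p), "--no-sandbox"))
    return findings


def render(roots, indent=0):
    """Indented one-line-per-process view with the signatures attached to each."""
    out = []
    for p in roots:
        sigs = f"  [{'; '.join(p.signatures)}]" if p.signatures else ""
        out.append(f"{'  ' * indent}{p.pid} {process_label(p)}{sigs}")
        out.extend(render(p.children, indent + 1))
    return out


if __name__ == "__main__":
    tree = parse_process_tree(SAMPLE)
    print("\n".join(render(tree)))
    print(sandbox_findings(tree))
```

Run over the full list above, the findings are 1756 (network.mojom.NetworkService), 5004 and 1152 (winrt_app_id.mojom.WinrtAppIdService) for --service-sandbox-type=none, and 3144, the second gpu-process, for --disable-gpu-sandbox (it also carries --use-gl=disabled); the renderer children, which are the processes that parse the HTML, carry no sandbox-weakening flag. All of these flags are chosen by the browser at launch, not by the page, so they describe the analysis environment rather than the sample.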
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5:    2daa93382bba07cbc40af372d30ec576
SHA1:   c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Filesize: 152B
MD5:    ecdc2754d7d2ae862272153aa9b9ca6e
SHA1:   c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Filesize: 5KB
MD5:    0c6f6e18f164f3eb0fbbeabc7eea1366
SHA1:   7a09547c5cb7ef5b46ba387f98645ea808b66d5b
SHA256: 3108b1247c25cab65c81f0015dd4d4405ea86221c8bcf8ca22d0d0ebf330dea8
SHA512: 7e47ce89e10cecaed3f28c1a3ded6b85472d73709d0f452663b4d96984d73233001d1b535b7528d8c7887993352ca7f7cd1c3662322e9a5bdab4466ea20d26ae

Filesize: 6KB
MD5:    12e95302f44782a153b1dc471e30fc4e
SHA1:   b038c6c128d7fe205f06b5423c6d3b8313b20dac
SHA256: c8b4150f241ec3ad49964e9286f82298b2e84cfb558dffbc57017264f629a048
SHA512: 70b33ae081beb1e686bd5104c1570d6ec0727115b461837d6d5c38065f11499c9b23857ef35a7fdd9f91f3b17d95b685b86ccbf50da583936da3c0b7fc320f98

Filesize: 6KB
MD5:    69e8e86d5ffd5b486b8a87596754d074
SHA1:   335ed77aa18343f2fd1acaa91409f724f10cd751
SHA256: 5a7df8e788f1d20b804f38555a1e486dfc715f346c813c51d8969a074d9be846
SHA512: 53a61538fe8166d550d00aa180a88a8e840d51d57b4d5e6b140266a497ab51b94cf289ddf39044b9576b686f4203eb0945ce3f74a2d5a2a412eda787ef2af846

Filesize: 16B
MD5:    6752a1d65b201c13b62ea44016eb221f
SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5:    951af27dd9b806ccb965f76086db3bd5
SHA1:   1f8300d0d4ba5d28d46cf08c19a8e0c2eef60bf8
SHA256: 2e034313c2b554503d968dc631d4536b1cc1f93c347f91bb6219d482e033c2c4
SHA512: 729820f61211e07a20e3157cf3d4a8c5dce4ea713e8dc3b12fad828918e118043a283b57f65107ca3b36dea202d8b0627f8e54de4e56a9c2512fe488893c9a20