Analysis
  max time kernel: 149s
  max time network: 154s
  platform: windows10-2004_x64
  resource: win10v2004-20240508-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 03/06/2024, 10:40
Static task: static1
Behavioral task: behavioral1
  Sample: 917a1149ebe0632e14da57942ff71606_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 917a1149ebe0632e14da57942ff71606_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
  Target: 917a1149ebe0632e14da57942ff71606_JaffaCakes118.html
  Size: 27KB
  MD5: 917a1149ebe0632e14da57942ff71606
  SHA1: 9039a912f69d66e4ec1cf155d76cac0f2707447d
  SHA256: 1bead143c4831ad2376b34ed7809be43a6fe5e6b471bfe0df5f49b2fe2f60c32
  SHA512: 692788c5b4449f0767fcebdca26d48a101ddbda49e386c80975fee0601519a38eea87bbcb93c9ba44fcbe18e2a262bd0843209d7e3a014ba7ed2a6bb31dc9f90
  SSDEEP: 768:x1hpKVAqnd+qi9q7B2EA9ilaXVG2S1//s:x17KVhnd+LAB7A9ilaXVr
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    process
  4204   msedge.exe (2 entries)
  3968   msedge.exe (2 entries)
  1952   identity_helper.exe (2 entries)
  1272   msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    process
  3968   msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    process
  3968   msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process
  3968   msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; repeated identical entries collapsed)
  description                        pid    process      procid_target
  PID 3968 wrote to memory of 3760   3968   msedge.exe   82   (2 entries)
  PID 3968 wrote to memory of 1676   3968   msedge.exe   83   (repeated entries)
  PID 3968 wrote to memory of 4204   3968   msedge.exe   84   (2 entries)
  PID 3968 wrote to memory of 4380   3968   msedge.exe   85   (repeated entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3968, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\917a1149ebe0632e14da57942ff71606_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3760, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0xdc,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1676, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4204, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4380, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2116, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2236, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1776, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1952, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 396, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4612, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1580, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4512, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1272, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3432755660286016454,958241086649050903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 1220, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 4944, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1e959ee5-16a0-4139-a5d5-e7464b51b420.tmp
  Filesize: 6KB
  MD5: 8899465dfa9ce9573ec8d0db00c0e0f9
  SHA1: 9b8b0529f37346f5a08a9317be6a5b49d639b4b1
  SHA256: 02f419a7288cd13f2e5cfea89db4ea41009cc96aef4b87f4e569cf46cd07cfe8
  SHA512: 1b7d54ab7d62883835e9a70a9ff3e79715203c131b2b7a2e71fb1fb6f97845362a9d886e7cee85c190911c6d76b3be16b23bb987d5d970a109f867336b820590
- Filesize: 394B
  MD5: 61c57e0b40a25b9f7aa41a0b10e9d934
  SHA1: c1a099738e44dab471785e205deaeb9b71f8569f
  SHA256: 44e922f633ca8155ea5eaaf18c1ce98ea77c1919038c60114760e960ad74400b
  SHA512: 408303e03396c9d3bd7ad83cdfdb6d4fe6cd7100f6cc119a16d5579c1fabaf155a5b2d826ff044fe3aed1ff1b0c7386b78df230bb4e29c22a0f5fb03487c9547
- Filesize: 5KB
  MD5: ab3f5ab855cd398a33e2ebdb4ce57efd
  SHA1: 2a04d6e65719968a625a6a997df929ccb9b0b743
  SHA256: 791c1d5012ea484603be619c4d5dbec3fb9869bba981bedddc9d6bb16aab629e
  SHA512: 939b8151526096d4b7a8122e2cf66f2faad905cfc60e0dbb9eb11e953cfc39f8fbb47acfa4168c7c74b295592383dea785b329593075752ff453fdfcba2ee1bd
- Filesize: 6KB
  MD5: 30c1e93bae6cf41e044ebb00519a1856
  SHA1: 5c2f09202f3853f90c3ccbe835b5c49c275e8f10
  SHA256: 65cfae9b6dcf2b8b7ff0cb59fd14252556688e0ac16484914e644b0394b39431
  SHA512: 383df0f0b7d86733685775f2d2aba43404dec15c5fc8e4dff5af8a18fed4b5c6624e3eafbddb75420a38ba21337cfe0bddebf4f031b4c4e27578c248b9c275ab
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: f8e1d436727f73f43fc3802e338035d9
  SHA1: 3266aed3abf31b3e7652a568d180cadbdd57f4a4
  SHA256: 3c1154b3149c512a0d599f09c0755977ad8f0a03f8dc2cfe2a1ad3761625223e
  SHA512: e7f7dc3df94fcedaad4a59022c91d734db90a97f839c3379adb21d62571ce96dc5a38e1bf0a2b467a199e3086292f28aef88e5d5a46fd036b8dc54d585002fa7