Analysis

max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 11:59
Static task: static1

Behavioral task: behavioral1
Sample: 91b5172acfb37a0791d66650385a69fb_JaffaCakes118.html
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 91b5172acfb37a0791d66650385a69fb_JaffaCakes118.html
Resource: win10v2004-20240508-en
General

Target: 91b5172acfb37a0791d66650385a69fb_JaffaCakes118.html
Size: 156KB
MD5: 91b5172acfb37a0791d66650385a69fb
SHA1: 2e57d932e0145ae8ea35c4b772b2cd093472bf0b
SHA256: 50a2fe6063615eca385a46b19499b84f93cf2c00577a7c1af78ccb95d2680a75
SHA512: ca19c13ae6707ab4cb975576700648bd0d3ea4a39c082fbe16f5bddae3c374ee37c1092d767cf1b7cef21c2b53b17a457881c34f31036ac7d1844cbde0513811
SSDEEP: 1536:qsEmrg7On/yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:rEmrgS/yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                     Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid    Process
4780   msedge.exe
4780   msedge.exe
1224   msedge.exe
1224   msedge.exe
2240   msedge.exe
2240   msedge.exe
2240   msedge.exe
2240   msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid    Process
1224   msedge.exe
1224   msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
1224   msedge.exe   (identical row reported 25 times)

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
1224   msedge.exe   (identical row reported 24 times)

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid    Process      procid_target   occurrences
PID 1224 wrote to memory of 2916   1224   msedge.exe   84              2
PID 1224 wrote to memory of 436    1224   msedge.exe   85              40
PID 1224 wrote to memory of 4780   1224   msedge.exe   86              2
PID 1224 wrote to memory of 2520   1224   msedge.exe   87              20
Processes

msedge.exe (PID 1224)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5172acfb37a0791d66650385a69fb_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 2916)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c3c46f8,0x7fff8c3c4708,0x7fff8c3c4718

  msedge.exe (PID 436)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

  msedge.exe (PID 4780)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2520)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

  msedge.exe (PID 2204)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  msedge.exe (PID 688)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  msedge.exe (PID 2240)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,16036274287504200498,2330102132121842786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 3960)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 3328)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: a8e767fd33edd97d306efb6905f93252
SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Filesize: 152B
MD5: 439b5e04ca18c7fb02cf406e6eb24167
SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Filesize: 5KB
MD5: d2ff1aec5b391d1733f5afc4023fa2d1
SHA1: 99b3fff23cc9f33a1c7670f51da148ba30aa8fdc
SHA256: 234bc0c729ace2bd0cdf8b162dcba158bb3bda6aec2e321ca9978cf502657c96
SHA512: 58278f8fdd973ba702cb69b851c5a382020a92dd860dafc446f3258e36740e2910756cb80ff936bcdb1894cb97c962b963dc89c7a7fd9ee6bef5f3d54f2f0031

Filesize: 6KB
MD5: 02dcbf665490e9c9f9c5f7e04f73241a
SHA1: 127b25ee1eba133ed4970b86c151e4a073c525d9
SHA256: 98c1c57c89e91f8994b7dd0cc752f3a4a0194e071a10283fd47cc46a2c67550d
SHA512: 973225c28da84ce2c2b305fc127d3dbdda178bfaede1277b05caa4d51f11480cdf4e0711c318f7eebf1377af8cd494598cdf298ed936db6d6e60d310978bd29e

Filesize: 11KB
MD5: 932b3021d7026cd70a78b8e6f27ccf1b
SHA1: 10f41ef74fa58d7efa8c270d44f5d2565268db54
SHA256: ccee9ed992992a5c86a8542ac9d0aeb3d1cfb177997c77e84dfbeced3689464a
SHA512: 843305f1a4159bf22b7562a5cb7c9799563b04291aeb16b4845f1b51a5fc8f8f65fb1a95ddffb941657e2ea269d683ea74bae0159154dcdcc16949613ef72a45