Analysis
max time kernel: 147s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:00
Static task: static1
Behavioral task: behavioral1
  Sample: 91b5b15952446b78a489a645d37c11c6_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 91b5b15952446b78a489a645d37c11c6_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 91b5b15952446b78a489a645d37c11c6_JaffaCakes118.html
Size: 23KB
MD5: 91b5b15952446b78a489a645d37c11c6
SHA1: 3bf22ecd48ff4aebff0bcbc765bce7d9bc663b5d
SHA256: ce375d8e6c4ef0cdd610408c8c6a4f57287da36b85232d4b3ad91644b6acb8f1
SHA512: 6ca5096f7fe1c9c1ca01f5f7c2d6e84adfd9959565313f34a571581c4394b534afbd94f315c2754b29f60f0f398c499c221fa092cb07adfd069eaf4940146048
SSDEEP: 192:uwa1j+94M5CwBb5njC1jhJYeKEUde6oWnQjxn5Q/dFnQieJkNnAaCnQOkEntX5ML:YQ/dbMA
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs
  pid   Process              entries
  2552  msedge.exe           2
  2060  msedge.exe           2
  2476  identity_helper.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  pid   Process
  2060  msedge.exe  (all 6 entries)

Suspicious use of FindShellTrayWindow 25 IoCs
  pid   Process
  2060  msedge.exe  (all 25 entries)

Suspicious use of SendNotifyMessage 24 IoCs
  pid   Process
  2060  msedge.exe  (all 24 entries)

Suspicious use of WriteProcessMemory 64 IoCs
  description                       pid   Process     procid_target
  PID 2060 wrote to memory of 2644  2060  msedge.exe  82
  PID 2060 wrote to memory of 4596  2060  msedge.exe  83
  PID 2060 wrote to memory of 2552  2060  msedge.exe  84
  PID 2060 wrote to memory of 2156  2060  msedge.exe  85
  (64 entries in total; identical rows collapsed)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5b15952446b78a489a645d37c11c6_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2060

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9924846f8,0x7ff992484708,0x7ff992484718
    PID: 2644

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    PID: 4596

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 2552

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
    PID: 2156

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    PID: 2456

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    PID: 2976

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 /prefetch:8
    PID: 1632

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 2476

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
    PID: 2828

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
    PID: 4420

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
    PID: 1452

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    PID: 1348

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6315768682117368589,5934215291012573186,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2500 /prefetch:2
    PID: 4068

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3736

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3108
Network
MITRE ATT&CK Enterprise v15
Downloads