Analysis
-
max time kernel
149s
-
max time network
150s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
03-06-2024 12:00
Static task
static1
Behavioral task
behavioral1
Sample
91b5df071498450cfc3fc1c52e861d82_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
91b5df071498450cfc3fc1c52e861d82_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91b5df071498450cfc3fc1c52e861d82_JaffaCakes118.html
-
Size
139KB
-
MD5
91b5df071498450cfc3fc1c52e861d82
-
SHA1
ef54b343aa9633ffdcdaf26099dc74439df88719
-
SHA256
f96444337f9a8ed13388acfb064f201e31bbd32a5ee202013bac5811d0ecb484
-
SHA512
ddf1766337532bee1bf403463765bd14a9fa4179d9fe0aea7a786cdddf5fa8bfaf196c44885096260ceebc2e5f725c13ae0b63277d85f2f9740827f75c552021
-
SSDEEP
1536:SzVhCblmSwyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:SzCMSwyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Note: every signature hit below is attributed to msedge.exe, either the browser parent (PID 208) or one of the child processes it spawned (see Processes). The BIOS registry reads and the parent-to-child memory writes are consistent with normal Chromium multi-process startup; no IoC is attributed to any process outside the browser's own tree.
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
-
Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process     records
2780  msedge.exe  2
208   msedge.exe  2
2144  msedge.exe  4
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process     records
208   msedge.exe  2
-
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process     records
208   msedge.exe  25
-
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process     records
208   msedge.exe  24
-
Suspicious use of WriteProcessMemory (64 IoCs, collapsed by target)
description                      pid  Process     procid_target  records
PID 208 wrote to memory of 640   208  msedge.exe  83             2
PID 208 wrote to memory of 1968  208  msedge.exe  84             40
PID 208 wrote to memory of 2780  208  msedge.exe  85             2
PID 208 wrote to memory of 3732  208  msedge.exe  86             20
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5df071498450cfc3fc1c52e861d82_JaffaCakes118.html
Depth: 1
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 208
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (crashpad handler)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3ad546f8,0x7ffa3ad54708,0x7ffa3ad54718
  Depth: 2 (child of PID 208)
  PID: 640
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (GPU process)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  Depth: 2 (child of PID 208)
  PID: 1968
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (network service)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  Depth: 2 (child of PID 208)
  - Suspicious behavior: EnumeratesProcesses
  PID: 2780
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (storage service)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  Depth: 2 (child of PID 208)
  PID: 3732
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  Depth: 2 (child of PID 208)
  PID: 4080
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  Depth: 2 (child of PID 208)
  PID: 840
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (GPU process, relaunched without the GPU sandbox)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7704124117627588226,17722656367813512153,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  Depth: 2 (child of PID 208)
  - Suspicious behavior: EnumeratesProcesses
  PID: 2144
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Depth: 1
PID: 4300
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Depth: 1
PID: 3684
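The triage question this report leaves open is whether any of the 64 WriteProcessMemory records crosses an image boundary (a browser process writing into something that is not a browser process), which is the shape of injection, as opposed to the parent writing into children it is launching itself. The script below is an added example, not part of the sandbox report or the vendor's tooling: it parses the flattened "PID <writer> wrote to memory of <target> ..." records as they appear above, collapses them into writer/target pairs, and checks each pair against the PID-to-image map taken from the Processes section. The sample records and the PID map are constructed from this report (the sample keeps only a handful of the 64 records; note that the report's list covers only the first four children, PIDs 640, 1968, 2780 and 3732, and never reaches the later renderers or the second GPU process). The two CompPkgSrv.exe instances surface as processes the browser never wrote to, which matches their -Embedding (COM-activated) command lines.

```python
import re
from collections import defaultdict

# Constructed sample input: the signature's header line plus a subset of the
# "Suspicious use of WriteProcessMemory" records from the report above, one per
# line, in the report's flattened form
# ("PID <writer> wrote to memory of <target> <pid> <image> <sandbox procid>").
WRITE_IOCS = """\
description pid Process procid_target
PID 208 wrote to memory of 640 208 msedge.exe 83
PID 208 wrote to memory of 640 208 msedge.exe 83
PID 208 wrote to memory of 1968 208 msedge.exe 84
PID 208 wrote to memory of 1968 208 msedge.exe 84
PID 208 wrote to memory of 1968 208 msedge.exe 84
PID 208 wrote to memory of 2780 208 msedge.exe 85
PID 208 wrote to memory of 3732 208 msedge.exe 86
"""

# Constructed from the Processes section of the report: OS PID -> image name.
PROCESS_IMAGES = {
    208: "msedge.exe", 640: "msedge.exe", 1968: "msedge.exe", 2780: "msedge.exe",
    3732: "msedge.exe", 4080: "msedge.exe", 840: "msedge.exe", 2144: "msedge.exe",
    4300: "CompPkgSrv.exe", 3684: "CompPkgSrv.exe",
}

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_write_iocs(text):
    """Collapse per-call records into {(writer_pid, target_pid): record_count}."""
    edges = defaultdict(int)
    for line in text.splitlines():
        m = WRITE_RE.search(line)
        if not m:
            continue  # header line or unrelated text
        writer, target, pid, _image, _procid = m.groups()
        if pid != writer:
            # The 'pid' column repeats the writing process; anything else is a parse problem.
            raise ValueError(f"inconsistent record: {line!r}")
        edges[(int(writer), int(target))] += 1
    return dict(edges)


def classify_writes(edges, images):
    """Sort edges into expected (writer and target share an image, i.e. a browser
    setting up its own child), suspicious (writer and target are different images,
    the classic injection shape) and unknown (a PID missing from the process list)."""
    expected, suspicious, unknown = [], [], []
    for (writer, target), n in sorted(edges.items()):
        if writer not in images or target not in images:
            unknown.append((writer, target, n))
        elif images[writer] == images[target]:
            expected.append((writer, target, n))
        else:
            suspicious.append((writer, target, n))
    return expected, suspicious, unknown


def non_browser_processes(edges, images, root_image):
    """PIDs of non-browser images that no recorded write ever targeted, i.e. processes
    in the tree that were not spawned by the browser (here the COM-started CompPkgSrv.exe)."""
    targets = {t for (_w, t) in edges}
    return sorted(pid for pid, img in images.items()
                  if img != root_image and pid not in targets)


if __name__ == "__main__":
    edges = parse_write_iocs(WRITE_IOCS)
    expected, suspicious, unknown = classify_writes(edges, PROCESS_IMAGES)
    for w, t, n in expected:
        print(f"expected  : {w} -> {t} ({PROCESS_IMAGES[t]}), {n} write(s)")
    for w, t, n in suspicious:
        print(f"SUSPICIOUS: {w} ({PROCESS_IMAGES[w]}) -> {t} ({PROCESS_IMAGES[t]}), {n} write(s)")
    for w, t, n in unknown:
        print(f"unknown   : {w} -> {t}, {n} write(s)")
    print("not spawned by browser:", non_browser_processes(edges, PROCESS_IMAGES, "msedge.exe"))
```

On this report every edge lands in the expected bucket and nothing is flagged; the same check run on a report where the writer is msedge.exe and the target is, say, a CompPkgSrv.exe or an unlisted PID would put that edge in the suspicious or unknown bucket, which is the case worth a manual look.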
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5
ce4c898f8fc7601e2fbc252fdadb5115
SHA1
01bf06badc5da353e539c7c07527d30dccc55a91
SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize
152B
MD5
4158365912175436289496136e7912c2
SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
Filesize
5KB
MD5
0127a63ac31a7e05511bf40e5ed5bb06
SHA1
d8d45ac34245eb02cda4f1e1e3db91a829b83b59
SHA256
cba87f034000c5f26adc7bcfbded5bee41bad39046a4b051baccb305be9a00cd
SHA512
fb378d1c0e49f1731eea34861100ecf60241a19655756a2948afeb0792a59c26b104d24ac3430986e2042adf74b42b028253291ac5ec123d533bc696e285c0ec
-
Filesize
6KB
MD5
f9c87372feaeb697db8d5683b24ea714
SHA1
e88ce2ac20fddbdf8706ea98c943dbfee6a27fc8
SHA256
b19c99d2cfc0cc73bad823386aa245356768c5642c5dbae6b4c06a68f8665710
SHA512
9b47d149d1f3d39a667b34f1f3860a3001cb6f8056e9a23337de77c23622a39227952f02952cd50068c97f525e4df9256d894fe3c71d11ca4da510e491d031f4
-
Filesize
11KB
MD5
d4c4ccefc89dce9691ee6da0d6eed1c4
SHA1
84b4656ee6bfcc2344dcf4c7bce2010ec0d27efe
SHA256
3540422753fb25127c11e258fd3dc6a3730bfbf9874dcf60aec5db46d48a3a5a
SHA512
3502971f093917a0958b38771ff5a2496d40abcc2701265ce2ffaff42423c2ccc2e7ad0e9bff3ee79037673d2130227b2cd9f11e0377138cdc9faadb145d435a