Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:01
Static task: static1
Behavioral task behavioral1: sample 91b62bdb857f2b758467a1689138cd50_JaffaCakes118.html, resource win7-20240221-en
Behavioral task behavioral2: sample 91b62bdb857f2b758467a1689138cd50_JaffaCakes118.html, resource win10v2004-20240426-en
General
Target: 91b62bdb857f2b758467a1689138cd50_JaffaCakes118.html
Size: 228KB
MD5: 91b62bdb857f2b758467a1689138cd50
SHA1: e704c9b38a43883a488aa83f919ef289aed7d776
SHA256: 0b1412302018f2e5608e62aafdc4b54f291848269ab9429db572915209d047ae
SHA512: 3151fbde2195f5d1fbce5a87562a764c984fb0e22285af13982bd62a83123c99200eb693370adedd6b04e94499ac33860264462cb1a19d999f0c2a5f763e0e78
SSDEEP: 3072:lKi3a7PxkKmO8MP63vkxEyUtCuBFseIWVTmz46E8V:lj3KZkIPW8xEyUtCubvt9I
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   process     entries
  4480  msedge.exe  2
  3664  msedge.exe  2
  844   msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process     entries
  3664  msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     entries
  3664  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     entries
  3664  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed, every one of the 64 entries is PID 3664 writing to one of the four targets below)
  description                       pid   process     procid_target
  PID 3664 wrote to memory of 1408  3664  msedge.exe  82
  PID 3664 wrote to memory of 2484  3664  msedge.exe  84
  PID 3664 wrote to memory of 4480  3664  msedge.exe  85
  PID 3664 wrote to memory of 1928  3664  msedge.exe  86
Processes

msedge.exe, PID 3664 (browser process, opened the sample)
  image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b62bdb857f2b758467a1689138cd50_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  child: msedge.exe, PID 1408 (crashpad-handler)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa996346f8,0x7ffa99634708,0x7ffa99634718

  child: msedge.exe, PID 2484 (gpu-process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11938027202924003469,16787447910132083714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2

  child: msedge.exe, PID 4480 (utility, network.mojom.NetworkService)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11938027202924003469,16787447910132083714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  child: msedge.exe, PID 1928 (utility, storage.mojom.StorageService)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11938027202924003469,16787447910132083714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

  child: msedge.exe, PID 2536 (renderer)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11938027202924003469,16787447910132083714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

  child: msedge.exe, PID 2364 (renderer)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11938027202924003469,16787447910132083714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

  child: msedge.exe, PID 844 (gpu-process, relaunched with --disable-gpu-sandbox)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11938027202924003469,16787447910132083714,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe, PID 4800 (top-level)
  image: C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe, PID 2708 (top-level)
  image: C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
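The signature hits above are all attributed to msedge.exe and its children, so the first triage question is whether any of them goes beyond Chromium's own multi-process model. The script below is an added example for this report, not tria.ge code: it collapses the flattened "wrote to memory" rows, checks each target against the process tree, and pulls the --type, --utility-sub-type and sandbox flags out of the recorded command lines. The process table and the command-line strings are constructed from the report's own Processes section (the gpu-preferences blob is dropped, and only a subset of the 64 WriteProcessMemory rows is embedded); the function names parse_events, summarize, all_internal and chromium_role are this example's own.

```python
"""Triage helper for a flattened sandbox signature listing (added example).

Checks a reviewer wants before reading msedge.exe hits as malicious:
  1. collapse the per-event "wrote to memory" rows and confirm every target
     is a child of the writer with the same image (the Chromium browser
     process populating its own helper processes);
  2. extract role and sandbox flags from each child's command line so the
     process tree can be read at a glance.
"""
import re
from collections import Counter

# Constructed input: a subset of the report's WriteProcessMemory rows, in the
# flattened "description pid Process procid_target" form shown on the page.
WROTE_TO_MEMORY = (
    "PID 3664 wrote to memory of 1408 3664 msedge.exe 82 "
    "PID 3664 wrote to memory of 1408 3664 msedge.exe 82 "
    "PID 3664 wrote to memory of 2484 3664 msedge.exe 84 "
    "PID 3664 wrote to memory of 2484 3664 msedge.exe 84 "
    "PID 3664 wrote to memory of 4480 3664 msedge.exe 85 "
    "PID 3664 wrote to memory of 1928 3664 msedge.exe 86 "
)

# Constructed from the Processes section: pid -> (parent pid, image, role).
# The CompPkgSrv.exe role label is this example's description of "-Embedding".
PROCESSES = {
    3664: (None, "msedge.exe", "browser"),
    1408: (3664, "msedge.exe", "crashpad-handler"),
    2484: (3664, "msedge.exe", "gpu-process"),
    4480: (3664, "msedge.exe", "utility/network.mojom.NetworkService"),
    1928: (3664, "msedge.exe", "utility/storage.mojom.StorageService"),
    2536: (3664, "msedge.exe", "renderer"),
    2364: (3664, "msedge.exe", "renderer"),
    844: (3664, "msedge.exe", "gpu-process"),
    4800: (None, "CompPkgSrv.exe", "com-server"),
    2708: (None, "CompPkgSrv.exe", "com-server"),
}

# Abbreviated command lines copied from the process tree (constructed sample).
NETWORK_SERVICE_CMD = (
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
    "--type=utility --utility-sub-type=network.mojom.NetworkService "
    "--lang=en-US --service-sandbox-type=none "
    "--mojo-platform-channel-handle=2212 /prefetch:3"
)
GPU_CMD = (
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
    "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled "
    "--mojo-platform-channel-handle=1720 /prefetch:2"
)
RENDERER_CMD = (
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
    "--type=renderer --lang=en-US --renderer-client-id=6 "
    "--no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 "
    "/prefetch:1"
)

# One row: "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
EVENT_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<image>\S+) (?P<procid>\d+)"
)
FLAG_RE = re.compile(r"--(?P<key>[\w-]+)(?:=(?P<val>\S+))?")


def parse_events(text):
    """Return (source pid, target pid, source image) for each row found."""
    return [(int(m["src"]), int(m["dst"]), m["image"]) for m in EVENT_RE.finditer(text)]


def summarize(events, procs):
    """Collapse rows into (src, dst, count, target role, verdict) tuples."""
    counts = Counter((src, dst) for src, dst, _ in events)
    rows = []
    for (src, dst), n in sorted(counts.items()):
        src_img = procs[src][1]
        ppid, dst_img, role = procs.get(dst, (None, "<unknown>", None))
        if ppid == src and dst_img == src_img:
            verdict = "own child, same image"  # expected for a Chromium broker
        elif dst in procs:
            verdict = "cross-process write"  # worth a closer look
        else:
            verdict = "target not in tree"
        rows.append((src, dst, n, role, verdict))
    return rows


def all_internal(rows):
    """True when every write stays inside the writer's own process family."""
    return all(r[4] == "own child, same image" for r in rows)


def chromium_role(cmdline):
    """Summarise a Chromium child command line: type, sub-type, sandbox state."""
    flags = {m["key"]: m["val"] for m in FLAG_RE.finditer(cmdline)}
    sandbox = flags.get("service-sandbox-type")
    return {
        "type": flags.get("type"),
        "sub_type": flags.get("utility-sub-type"),
        "sandbox": sandbox,
        # Either flag means this helper runs without the Chromium sandbox.
        "sandbox_disabled": "disable-gpu-sandbox" in flags or sandbox == "none",
    }


if __name__ == "__main__":
    for row in summarize(parse_events(WROTE_TO_MEMORY), PROCESSES):
        print(row)
    for cmd in (NETWORK_SERVICE_CMD, GPU_CMD, RENDERER_CMD):
        print(chromium_role(cmd))
```

Run against this report, every collapsed row comes back as "own child, same image", which is the browser process setting up its crashpad, GPU, network and storage helpers, not an injection into a foreign process. The two command lines that stand out are the network service (--service-sandbox-type=none) and the second GPU process (--disable-gpu-sandbox); both are exactly as recorded in the tree above, and the script only surfaces them, it does not judge whether they are the defaults for this Edge build.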
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: c9c4c494f8fba32d95ba2125f00586a3
SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Filesize: 152B
MD5: 4dc6fc5e708279a3310fe55d9c44743d
SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Filesize: 988B
MD5: 173802775195533e97f5150bbb82b73e
SHA1: 2fa2d5346f2199c2f9f60f3a9040bbb1eac4cac9
SHA256: 86e797680a2b31114b62b6b4bb8eb65c8fade90512537cdeae8e05681e72f2ef
SHA512: 0fbe7be0a2d5ef456b460ee23c4fa1779b699a46665e53aa9637da1201df1dc6574e804942aa45e3ab4edcd06d49c2be5a51a18adc1fd33b0bb16eb5f0c22423

Filesize: 5KB
MD5: 70529ea569f5153b54945d67ebaea2c6
SHA1: eed283dd7d2c86a693208697938399e7f48e68d9
SHA256: fdf44e9777951e68843c9c49348214c3ca53364fd28c5e6b7427cad800dffeca
SHA512: 02dddd29d7e385a38b26e4e295e1a3d1ec9778fb9a77f31d29a5c13a3d0b01f96c999b541d8007df3b16c56dd98795217d9d469dc2df06686b0b645534c4f2e1

Filesize: 6KB
MD5: 4308a7174fbcac5120e5449c261b6f1e
SHA1: 4cbfa0833dbedd6aa2d163aa2500b2723d226951
SHA256: 13a0b0a3baefb5302227231d335b291d4981635e219807e555a23fb8aa40c407
SHA512: 6dce910d71c1092e42eb6ec7de7705f2e245602e392620935de2d35bff6ad728a03e29bfd51492f5732ccfeef4daf67817981a7389eceaa718cbacab0287e393

Filesize: 10KB
MD5: 5618816fec1038d7dafe326277b131e7
SHA1: 6e09128bd46de012efc329137b6c7cad55dceaf8
SHA256: 4968664ff5f118911c1db63cb579fa3eab74cfa5eaed9c434e4d40e2e0f09f4c
SHA512: d06bd81abfa19d6c2053064ef6f96d189d0d56b75ce5bee04a5326bb32a6eb0ed89c479663663c0e4e896923646acbcc80d9082beee0b686d1e52044669d3341