Analysis
max time kernel: 148s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 03-06-2024 12:52
Static task: static1
Behavioral task: behavioral1
Sample: 91da85a7a63a431d0ef01e4570d9c874_JaffaCakes118.html
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 91da85a7a63a431d0ef01e4570d9c874_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 91da85a7a63a431d0ef01e4570d9c874_JaffaCakes118.html
Size: 23KB
MD5: 91da85a7a63a431d0ef01e4570d9c874
SHA1: c22a82d4cbfce33701c7d8e62c87bb06d5d6a1dc
SHA256: 15deef91308e3e1ab125a0e83260abb5330b0922316b32b89380064f928e7307
SHA512: 88329f691e957376c3d20ed8c65f47888bc45ad96974e4ffda507c3d44187e72d3de2296fa0b29d1c2587b8617b97eafd24bcefbe3e9894ca7ea6a70d23096a3
SSDEEP: 384:BwvHOrliVN80cyVCyIOxoS9INnBb4efD76zr:BwPO50cy46xWZ3fG
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process
3104  msedge.exe
3104  msedge.exe
1692  msedge.exe
1692  msedge.exe
3872  msedge.exe
3872  msedge.exe
3872  msedge.exe
3872  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
1692  msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 1692 wrote to memory of 1296   1692  msedge.exe  83
PID 1692 wrote to memory of 1296   1692  msedge.exe  83
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 4584   1692  msedge.exe  84
PID 1692 wrote to memory of 3104   1692  msedge.exe  85
PID 1692 wrote to memory of 3104   1692  msedge.exe  85
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
PID 1692 wrote to memory of 2940   1692  msedge.exe  86
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91da85a7a63a431d0ef01e4570d9c874_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 1692

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff488146f8,0x7fff48814708,0x7fff48814718
  PID: 1296

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9753714234201852652,12524969872245657084,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  PID: 4584

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9753714234201852652,12524969872245657084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 3104

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9753714234201852652,12524969872245657084,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  PID: 2940

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9753714234201852652,12524969872245657084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  PID: 4552

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9753714234201852652,12524969872245657084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  PID: 3020

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9753714234201852652,12524969872245657084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  PID: 8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9753714234201852652,12524969872245657084,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1808
Network
MITRE ATT&CK Enterprise v15
Downloads