Analysis
- max time kernel: 145s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 12:56
Static task: static1
Behavioral task: behavioral1
- Sample: 91ddaba7b4b55dfa3843d534c0417b5a_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 91ddaba7b4b55dfa3843d534c0417b5a_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 91ddaba7b4b55dfa3843d534c0417b5a_JaffaCakes118.html
- Size: 16KB
- MD5: 91ddaba7b4b55dfa3843d534c0417b5a
- SHA1: 1904f0c716b8aa9b2eff66508d4f797a01fee7a1
- SHA256: 25799857809a5075b66cc72d221b54127cce8ef7caae99535baeed0e3f3b003a
- SHA512: ecddde43f21c2e99c3a32b6943f9d34272367d57422f5ffd7916b8d1316463659b320e279e671810ba1c6c58350707c3639362a916ed9659931967e93a27deb4
- SSDEEP: 384:X28H4dG3/i123OJ+HSBUSq9HI0/e2BMKDJ+lP0Du3BCa3bSD+8:Z4dP639o022CVb353eX
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  5320  msedge.exe
  5320  msedge.exe
  3996  msedge.exe
  3996  msedge.exe
  5552  identity_helper.exe
  5552  identity_helper.exe
  5448  msedge.exe
  5448  msedge.exe
  5448  msedge.exe
  5448  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3996  msedge.exe
  3996  msedge.exe
  3996  msedge.exe
  3996  msedge.exe
  3996  msedge.exe
  3996  msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ddaba7b4b55dfa3843d534c0417b5a_JaffaCakes118.html
  PID: 3996
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff427246f8,0x7fff42724708,0x7fff42724718
      PID: 4460
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
      PID: 3684
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
      PID: 5320
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
      PID: 5316
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      PID: 6128
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      PID: 1212
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
      PID: 5068
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
      PID: 5552
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
      PID: 1196
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
      PID: 4492
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
      PID: 5244
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      PID: 2216
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13487528384345653446,11491850272012257614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5336 /prefetch:2
      PID: 5448
      - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3912
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5100
Network
MITRE ATT&CK Enterprise v15
Downloads