Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 12:41
Static task: static1
Behavioral task: behavioral1
  Sample: 91d23c609272a76327b047f0cb63ae67_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 91d23c609272a76327b047f0cb63ae67_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
- Target: 91d23c609272a76327b047f0cb63ae67_JaffaCakes118.html
- Size: 158KB
- MD5: 91d23c609272a76327b047f0cb63ae67
- SHA1: 6d8ce83b09604035c237230f6c8dbeca36d00269
- SHA256: 834e3862b73f8f82d78238e1b1b41c961b861fa3094f08f306db111da7932562
- SHA512: 1c000349f675dcad65630619b42834f056115fdcf8175d5f4ba05b8621098e379a977e1e127c4c77a223a906cf935be5712ca06dc96445bf0a45f815ee8355da
- SSDEEP: 3072:Sl6yJWS1+/dYyfkMY+BES09JXAnyrZalI+YQ:SlBT1+//sMYod+X3oI+YQ
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
  pid | Process
  320 | msedge.exe
  320 | msedge.exe
  3840 | msedge.exe
  3840 | msedge.exe
  4092 | msedge.exe
  4092 | msedge.exe
  4092 | msedge.exe
  4092 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  pid | Process
  3840 | msedge.exe
  3840 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
PID 3840: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d23c609272a76327b047f0cb63ae67_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID 2796: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffc5d46f8,0x7ffffc5d4708,0x7ffffc5d4718
  PID 4264: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6001712019054525851,12092416116152950154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  PID 320: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6001712019054525851,12092416116152950154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  PID 4572: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6001712019054525851,12092416116152950154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  PID 3312: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6001712019054525851,12092416116152950154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  PID 3012: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6001712019054525851,12092416116152950154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1
  PID 4092: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6001712019054525851,12092416116152950154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
PID 3076: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 4740: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads