Analysis
max time kernel: 149s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:42
Static task: static1
Behavioral task: behavioral1
- Sample: 91d2d8cf64772b68c4868e9d5f349a84_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 91d2d8cf64772b68c4868e9d5f349a84_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
Target: 91d2d8cf64772b68c4868e9d5f349a84_JaffaCakes118.html
Size: 53KB
MD5: 91d2d8cf64772b68c4868e9d5f349a84
SHA1: 9d97338ceb8eaaaacc7dbf16f11e60f803914903
SHA256: 35691fa42af498a139d9082f9d0350f6bcf72dc6ae125eba79e75f4ba0f19429
SHA512: 3dceffa603b4d60f35e1199916cb24d004096c3adb6d3a0060d1e6bb8ba7d2f611cd82a813d730730f02ccdab537fcc5b29d7314663002288394c92e86351335
SSDEEP: 1536:Z4fQsOO4JEzqv3vbv3vUv7v/27eqv4Pv4Av/vJv2vtvOfurHyyjy3XA+aIYCYjwe:J/DvcTXC9yHXxeVGc
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (8 IoCs)
- PID 3108 msedge.exe (2 entries)
- PID 3328 msedge.exe (2 entries)
- PID 1700 msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 3328 msedge.exe (2 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 3328 msedge.exe (all 25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3328 msedge.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs; distinct source/target pairs, repeated rows collapsed)
- PID 3328 msedge.exe wrote to memory of PID 4020 (procid_target 82)
- PID 3328 msedge.exe wrote to memory of PID 4724 (procid_target 83)
- PID 3328 msedge.exe wrote to memory of PID 3108 (procid_target 84)
- PID 3328 msedge.exe wrote to memory of PID 540 (procid_target 85)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3328)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d2d8cf64772b68c4868e9d5f349a84_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
Child processes of PID 3328:
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4020)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8797646f8,0x7ff879764708,0x7ff879764718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4724)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9533517045305133036,17310237896144228298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3108)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,9533517045305133036,17310237896144228298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 540)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,9533517045305133036,17310237896144228298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2444)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9533517045305133036,17310237896144228298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2820)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9533517045305133036,17310237896144228298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1700)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9533517045305133036,17310237896144228298,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 5056)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 1160)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads