Analysis

- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 12:42

Static task: static1

Behavioral task: behavioral1
- Sample: 91d36c77c762667a3a0cbf298fd3ef87_JaffaCakes118.html
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: 91d36c77c762667a3a0cbf298fd3ef87_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General

- Target: 91d36c77c762667a3a0cbf298fd3ef87_JaffaCakes118.html
- Size: 168KB
- MD5: 91d36c77c762667a3a0cbf298fd3ef87
- SHA1: c4870bd3834262f8b4528d9573309255b0aa2049
- SHA256: f5ce66d163d1d30a1e094b7418c1641682afa855cf60fd4bb04fc0e21d4d9a23
- SHA512: 990a8aefc39afe25a4b717de1ec743d09953b7f86b668cbab3f3ffe0671f80b671e80445144bf410fa89bdd66b0b77300723e12d6784e5e5619b4e47b49a210b
- SSDEEP: 3072:xhkUubH/a220Z6Nl/MjVX12zTB8/4rYBS2XtWXUjiB1KNPei7sMsF0NrrX:xgfa2HZ6Nl/MjVX12HB8/4rYBS2xsMrR
Malware Config

Signatures

Every process named in the IoCs below is msedge.exe or its helper identity_helper.exe, launched as a child of the browser process (PID 928) in the normal Chromium multi-process model; the process tree in the Processes section shows no child of the browser outside that set. The WriteProcessMemory entries are the browser writing start-up data into its own freshly created child processes (crashpad handler, GPU process, network and storage services), and the BIOS registry reads are performed by the browser process itself. Repeated identical IoC rows are collapsed below with a count; the per-signature totals are the report's own.

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)

  pid  | Process             | entries
  3324 | msedge.exe          | 2
  928  | msedge.exe          | 2
  1920 | identity_helper.exe | 2
  3092 | msedge.exe          | 4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

  pid | Process    | entries
  928 | msedge.exe | 6

- Suspicious use of FindShellTrayWindow (25 IoCs)

  pid | Process    | entries
  928 | msedge.exe | 25

- Suspicious use of SendNotifyMessage (24 IoCs)

  pid | Process    | entries
  928 | msedge.exe | 24

- Suspicious use of WriteProcessMemory (64 IoCs)

  description                     | pid | Process    | procid_target | entries
  PID 928 wrote to memory of 1616 | 928 | msedge.exe | 83            | 2
  PID 928 wrote to memory of 3492 | 928 | msedge.exe | 84            | 40
  PID 928 wrote to memory of 3324 | 928 | msedge.exe | 85            | 2
  PID 928 wrote to memory of 2612 | 928 | msedge.exe | 86            | 20
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 928)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d36c77c762667a3a0cbf298fd3ef87_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1616)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2612)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4944)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1600)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3972)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1920)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3160)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 4524)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 4968)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
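A report like this one is triaged by asking a single question: is every child of the browser process a recognised Chromium helper, or did rendering the HTML spawn something else? The Python below is an added example, not part of the Tria.ge report or of any Edge tooling. Its REPORT_TREE records are constructed from the PIDs, images and (shortened) command lines in the process tree above; the powershell.exe record is hypothetical and is included only to show what an anomalous child looks like. It also checks that all children carry the same --field-trial-handle, which children of one browser instance share.

```python
"""Triage helper for a Chromium-based browser's process tree from a sandbox report.

Added example, not part of the report. REPORT_TREE is constructed from the
report's process tree (command lines shortened); SUSPICIOUS_CHILD is a
hypothetical record that does not appear in the report.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Process types a Chromium-based browser process legitimately launches.
EXPECTED_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}
# Images Edge uses for those child processes (the report shows both).
EXPECTED_CHILD_IMAGES = {"msedge.exe", "identity_helper.exe"}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int      # 0 marks a tree root
    image: str     # full path as logged by the sandbox
    cmdline: str


def child_type(cmdline: str) -> Optional[str]:
    """Return the value of the --type= switch on a Chromium command line, if any."""
    m = re.search(r"(?:^|\s)--type=([\w-]+)", cmdline)
    return m.group(1) if m else None


def field_trial_handle(cmdline: str) -> Optional[str]:
    """Return the --field-trial-handle value (absent on the crashpad handler)."""
    m = re.search(r"--field-trial-handle=(\S+)", cmdline)
    return m.group(1) if m else None


def classify_child(p: Proc) -> str:
    """'expected' for a normal Chromium helper, else 'anomalous: <reason>'."""
    image = p.image.rsplit("\\", 1)[-1].lower()
    ctype = child_type(p.cmdline)
    if image not in EXPECTED_CHILD_IMAGES:
        return f"anomalous: non-browser image {image}"
    if ctype not in EXPECTED_CHILD_TYPES:
        return f"anomalous: unexpected process type {ctype}"
    if ctype == "renderer" and "--no-sandbox" in p.cmdline:
        return "anomalous: renderer launched without its sandbox"
    return "expected"


def classify_children(procs: List[Proc], browser_pid: int) -> Dict[int, str]:
    """Verdict for every direct child of the browser process."""
    return {p.pid: classify_child(p) for p in procs if p.ppid == browser_pid}


def anomalous_children(procs: List[Proc], browser_pid: int) -> List[int]:
    """Sorted PIDs of children that do not fit the browser's process model."""
    return sorted(pid for pid, v in classify_children(procs, browser_pid).items()
                  if v != "expected")


def field_trial_handles(procs: List[Proc], browser_pid: int) -> Set[str]:
    """Distinct field-trial handles among the children; more than one means
    the children were not all launched by the same browser instance."""
    handles: Set[str] = set()
    for p in procs:
        if p.ppid == browser_pid:
            h = field_trial_handle(p.cmdline)
            if h is not None:
                handles.add(h)
    return handles


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
IDH = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\91d36c77c762667a3a0cbf298fd3ef87_JaffaCakes118.html"
FTH = "--field-trial-handle=2100,2306466270065248918,14733716344390141634,131072"

# Constructed from the report's process tree (command lines shortened).
REPORT_TREE = [
    Proc(928, 0, EDGE, '"%s" --single-argument %s' % (EDGE, SAMPLE)),
    Proc(1616, 928, EDGE, '"%s" --type=crashpad-handler /prefetch:7' % EDGE),
    Proc(3492, 928, EDGE, '"%s" --type=gpu-process %s /prefetch:2' % (EDGE, FTH)),
    Proc(3324, 928, EDGE, '"%s" --type=utility --utility-sub-type=network.mojom.NetworkService %s --service-sandbox-type=none /prefetch:3' % (EDGE, FTH)),
    Proc(2612, 928, EDGE, '"%s" --type=utility --utility-sub-type=storage.mojom.StorageService %s /prefetch:8' % (EDGE, FTH)),
    Proc(4944, 928, EDGE, '"%s" --type=renderer %s --renderer-client-id=6 /prefetch:1' % (EDGE, FTH)),
    Proc(1920, 928, IDH, '"%s" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService %s /prefetch:8' % (IDH, FTH)),
]

# Hypothetical child, NOT in the report: a shell spawned by the browser process.
SUSPICIOUS_CHILD = Proc(
    5000, 928, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "powershell.exe -NoProfile -WindowStyle Hidden",
)

if __name__ == "__main__":
    for label, tree in (("report", REPORT_TREE),
                        ("report + hypothetical", REPORT_TREE + [SUSPICIOUS_CHILD])):
        print(label, "anomalous:", anomalous_children(tree, 928),
              "field-trial handles:", field_trial_handles(tree, 928))
```

On the report's own tree every child is classified as expected and there is exactly one field-trial handle; adding the hypothetical powershell.exe child is what turns the verdict, which is the distinction the generic "Suspicious use of WriteProcessMemory" signature cannot make by itself.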
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\080df624-4b4e-4bb2-ab53-b56b4a43d0d8.tmp
  Filesize: 5KB
  MD5: 13363e5172d5cb217036d65b410f5516
  SHA1: aeae1ec5b8a50aa78f2eb8a0dca0dc6be6b123cc
  SHA256: e57a1aff04f4e9dab4cff2accef5ede26e06447f6bb82aa6541e74b78dcda179
  SHA512: 3f68f9c08138e57c4a7f44eb93b64694313b8ef2b3db2df79f0093d50c412ec9b4ba37dc24094c0ee6b3e6b2608b18d7e6f635c1e8e431d8166614e211c183cc

- Filesize: 1KB
  MD5: 364668786681fcabac60a8ae4924fe85
  SHA1: e76306e8a3a825521bb5f76dc633c83c15bd755f
  SHA256: c65cc4ec9efcf0cacc46a5251f6d7d0504c21f07ff02193fabdcf16169a76a09
  SHA512: a0d6053b6d9768d5062215969b42e814343f73e8617ee887ebb137de7224db29ad332d6eed8c8b27ffd297d465cb799f752578b27619f12022cac1b562e7ec91

- Filesize: 6KB
  MD5: 5e8f4a7cfb93590c4228929c41f5d1ec
  SHA1: 1b79ad653f2e3f812b1b44ac8f5164e3cc4a9ac2
  SHA256: 4f2ddd98cef1d9984d373110508ef9e8f9677287b291271ac7508301e9493c1e
  SHA512: 30fdb9a8bf4b8bc95c81c0846cd60797b80c28ca1c5b520a59db9b116fbde75d8b87f2c29463d44483062a9ff08fab675ca3e7d35c18f8225656a7709c44c55f

- Filesize: 6KB
  MD5: c738eda4789284c0770919fb0583073e
  SHA1: f29412b1cd6b90fbd584a5c5a9b59923e7113543
  SHA256: 79db98862ed304f745e49622fb883352fb8207fef064c11f50097d99e15b1679
  SHA512: afeac157ec248312a3efdfcb03f1f6d79974a59a79155af1079124e7c91b4333aa626df5cd13b21f3a06922e32625d036177960508964cb979ac4bdf248f0f55

- Filesize: 705B
  MD5: 9492c9fcb7bf8dfa8d5b58a98c0d253b
  SHA1: f155e66363244dba57aa4a9f2a0abebafc9fa180
  SHA256: 70e89c4c274ac944834474a1e20f6b4c3319dc65e97c1419452f0c168f73bf05
  SHA512: e931e5966595ae40c521c851376642a503edb4af46344192b9499932dd69555806a5a7cb798a1eb81225224cf420a6832211d26686a99ac1f1da155378caa9c7

- Filesize: 538B
  MD5: d135aaa83fb8ff3888dd1029cb45b7d9
  SHA1: a060ec38cabf99623f65aefc15034bee3c39038d
  SHA256: f6b3c5300bb8c0ec777384db08f8a155697956efb69bcb222a12c4ca04a31c2e
  SHA512: e9f4e90eb24fe5c4f2a7fb5872ff1b8e4f21e20aaccc956561508dff5b27d5950fa26fcff3913995913841fbe053dd6c6bf8e24d691480e936572ad81c1af4c0

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: ec607992de363bab8ede3d296a932477
  SHA1: 8569bddee18a6588c07b2ce9b54f8ee6a32192fe
  SHA256: 15238a1829309b383d3a203d4e47b563effdb67dda385a35d50888fac54693af
  SHA512: 45cc3efa158440e86ff90996a8532e18ee3ac0052989a617da443f6a9d1f9a96e46517a7cbce2af730294578c54eee6a570b468980259b4957c0c541e7f790e6