Analysis
max time kernel: 145s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 13:07
Static task: static1
Behavioral task: behavioral1
  Sample: 91e444d0d2d990089833c4cfbdc7d857_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 91e444d0d2d990089833c4cfbdc7d857_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 91e444d0d2d990089833c4cfbdc7d857_JaffaCakes118.html
Size: 46KB
MD5: 91e444d0d2d990089833c4cfbdc7d857
SHA1: 4dd279d48b2596ccb2bf7cdfc083e108dba9096d
SHA256: 97100c34662872e3847581c9ff01518f3f4eaf18a27d6b927c31bc9f17c5c043
SHA512: 671c432550bb8fe797c6ad2745244c55c9119a8879d847eb4db037faa231873567e9317fb1eb167bc6e422f678e69e7c341f6406ad681e33c52e68bb05e19a4c
SSDEEP: 768:NJS6S7B8ROZOrggBbvFICSCfC1C1C+C+CQCQC+C+CtCtCECECQCQCHoY3o+j1IpE:u62BkOZOrggBbvFIzCAA99xxllAAppxI
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3828 | msedge.exe (2 entries)
  3204 | msedge.exe (2 entries)
  748 | identity_helper.exe (2 entries)
  3560 | msedge.exe (4 entries)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3204 | msedge.exe (6 entries)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3204 | msedge.exe (25 entries)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3204 | msedge.exe (24 entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3204 wrote to memory of 3644 | 3204 | msedge.exe | 83 (2 entries)
  PID 3204 wrote to memory of 3444 | 3204 | msedge.exe | 84 (40 entries)
  PID 3204 wrote to memory of 3828 | 3204 | msedge.exe | 85 (2 entries)
  PID 3204 wrote to memory of 1084 | 3204 | msedge.exe | 86 (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e444d0d2d990089833c4cfbdc7d857_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 3204

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
    PID: 3644

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    PID: 3444

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 3828

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
    PID: 1084

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 2116

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 2136

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
    PID: 4284

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
    PID: 4840

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
    PID: 4024

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 748

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
    PID: 4780

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    PID: 3944

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5640 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 3560

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 688

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4692
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

- Filesize: 5KB
  MD5: 76b0022a543250909836faeb591a7109
  SHA1: 89f0901b19fc081575ff98ceba26df7b27a5bc6b
  SHA256: 4b2a41d8136477d6e39886e5366e8e0a96c5075cb5c0aa1d908155cfc9e5ffe2
  SHA512: 5ecd2081bc0b30e52e5b0f1a085df65cd92114ece308b035c294a545483c7b9087a2e2b72326b3c8575d20027a49eba0df25fde12dc829ad290855760d561915

- Filesize: 6KB
  MD5: 1ec1ab7d6e022a53f77854ab529f5b2c
  SHA1: d8727b6a9727aaa3b8bbf055a84c8aeb7440f304
  SHA256: 7e25700252d6fabddb6eb6f01ef83f03bb2bdaa76f6c03b6a6e8f801910c80d4
  SHA512: 1e094f4cf626ba64df7fb464c769827ce88f0d9a9d852ae4ba8bf494ea3668f18850c4efa02f1d7e5c5ec1f6a2eccf81e4829a8330c8d9bd6e011e2714621d5c

- Filesize: 6KB
  MD5: fb590a6ecdf1ace901f2c9f9de18d717
  SHA1: 3185798c67b667e1f9716a65a9647e2470b6ef3e
  SHA256: 1f8059217e928727406a8ea90530f5d353eebd74620dfff9170d85e8def650c0
  SHA512: 8773aedffaddf59a88a12c6e19eb18c465ad133e056b2a020397d6d081aefeb8d0b1a708c614b11a75e90f42c427b1b0899be3824458702e4b2d7e1a3ef8bd02

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: dac6bfdb9144a300b45f4bcc1a201650
  SHA1: e106d68b7336fa8667ebc4579b16ac0d4930db85
  SHA256: d1050f0d7ac67461a7d8e929f9c6cb6bef316a05a0188e8c6d336da15350c734
  SHA512: a9964ec824729c9f95ff62db40a806a34bf8de4219dd633ce0b22bb2ace59de3b1fa4fc582641fe8a5e06f385624c83728914b5c847848f36be72adbbd428aa6