Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 13:07
Static task
- static1
Behavioral task
- behavioral1: Sample 91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html, Resource win7-20240508-en
Behavioral task
- behavioral2: Sample 91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html, Resource win10v2004-20240508-en (the run reported on this page)
General
- Target: 91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html
- Size: 18KB
- MD5: 91e491aee6e44e81215720e70a33a82f
- SHA1: 45368fba1c41f7d285c6e84ed1ef5c65750ec050
- SHA256: a6412479be27e07e577c1f9ae02d2347a2b9ac1b6039bc3871fdf64887af40cf
- SHA512: 09178b1e0cf3e6053b4ae5ec821bc1b3942b8870b15093b7883729708514d414d277628bc92b55f15e6b6c61e1c4d457eb1844d5b1ce097eac8f9a0fd10c2bcc
- SSDEEP: 384:SIMd0I5nvH4DnDf/JZxJ3aXoqsvW+ObxDB8:SE7DnDf/JZxJ3aXoqVNbA
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  Note: the queries come from msedge.exe itself. Chromium reads these two BIOS values to derive the machine's hardware model name, so on their own they are not evidence that the HTML sample is fingerprinting the VM.
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  PIDs: 3332 msedge.exe (2), 116 msedge.exe (2), 4376 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PIDs: 116 msedge.exe (2)
  Note: this fires when a process is created with the "block non-Microsoft binaries" mitigation policy. The browser process applies that hardening to the children it launches, so here it is the browser's own sandbox setup rather than attacker behaviour.
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PIDs: 116 msedge.exe (25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PIDs: 116 msedge.exe (24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events have the same writer, PID 116 (msedge.exe, the browser process), and one of four targets; each target row is repeated many times in the raw report:
  PID 116 wrote to memory of 3544 (msedge.exe, procid_target 82)
  PID 116 wrote to memory of 3224 (msedge.exe, procid_target 83)
  PID 116 wrote to memory of 3332 (msedge.exe, procid_target 84)
  PID 116 wrote to memory of 3944 (msedge.exe, procid_target 85)
  Note: the four targets are the crashpad handler, GPU process, network service and storage service that PID 116 launches (see Processes below). A Chromium browser process writes into its freshly created children to hand over startup and sandbox policy data, so parent-to-own-child writes of this shape are the expected launch pattern. The signature would only point at injection if the writer were not the target's parent, or the target were not one of the browser's --type= children.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 116)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3544), crashpad handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8da46f8,0x7ff8f8da4708,0x7ff8f8da4718
  - msedge.exe (PID 3224), GPU process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - msedge.exe (PID 3332), network service (utility process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3944), storage service (utility process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  - msedge.exe (PID 3800), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - msedge.exe (PID 3708), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - msedge.exe (PID 4376), GPU process (relaunched without GL and without the GPU sandbox)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2756)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3896)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: the sample is an HTML file handed to Edge with --single-argument, and every msedge.exe child is one of Chromium's standard process types (crashpad handler, GPU process, network and storage services, two renderers). The crashpad annotations date the browser to Edge 92.0.902.67 on Chromium 92.0.4515.131, a mid-2021 build, so the run says nothing about how the page behaves in a current browser. Two sandbox-related flags deserve a glance but are explained by the version and the environment: the network service runs with --service-sandbox-type=none, which was still the default for Chromium 92 on Windows, and the second GPU process (PID 4376) carries --disable-gpu-sandbox --use-gl=disabled, Chromium's fallback after the first GPU process (PID 3224) fails to bring up hardware GL, as is usual inside a VM. Neither renderer runs with a weakened sandbox. The two CompPkgSrv.exe instances are Windows COM servers started by the system (-Embedding) at the top level of the tree, not children of msedge.exe. Nothing in the listing shows a process outside the browser being spawned by the sample, and the Network and MITRE ATT&CK sections of this page carry no extracted content, so the page alone does not show what the HTML itself does; that needs a look at the 18KB file's markup and script.
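Triage of the WriteProcessMemory hits and the sandbox flags above, as an added Python example that is not part of the sandbox report or its tooling. It rebuilds the process tree from the listing (parent PIDs are an assumption read off the tree's nesting; command lines are shortened to the flags the checks use) and the four distinct writer/target pairs from the signature table, then labels each write as a normal Chromium child launch or as candidate injection, and lists processes whose command line disables or weakens a sandbox. The write from PID 116 into PID 2756 is a constructed negative control that does not appear in the report; it is there to show what the check flags.

```python
"""Separate Chromium's own cross-process writes from candidate injection.

Input data is constructed from the process listing and signature table of the
report above; parent PIDs are assumed from the tree nesting, and command lines
are abbreviated to the flags the checks use.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]  # None for a top-level process in the tree
    cmdline: str


EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# Process tree as listed in the report (level-1 entries are roots, level-2
# entries are children of the browser process, PID 116).
PROCESSES: List[Proc] = [
    Proc(116, None, EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html"),
    Proc(3544, 116, EDGE + " --type=crashpad-handler"),
    Proc(3224, 116, EDGE + " --type=gpu-process"),
    Proc(3332, 116, EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    Proc(3944, 116, EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    Proc(3800, 116, EDGE + " --type=renderer --renderer-client-id=6"),
    Proc(3708, 116, EDGE + " --type=renderer --renderer-client-id=5"),
    Proc(4376, 116, EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    Proc(2756, None, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    Proc(3896, None, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# Distinct (writer, target) pairs from "Suspicious use of WriteProcessMemory";
# the report repeats each pair many times (64 events in total).
REPORTED_WRITES: List[Tuple[int, int]] = [(116, 3544), (116, 3224), (116, 3332), (116, 3944)]

# Constructed negative control, NOT in the report: a write into a process that
# is not a child of the writer, which is the shape real injection takes.
CONSTRUCTED_INJECTION: List[Tuple[int, int]] = [(116, 2756)]

# Flags that switch off or weaken a Chromium sandbox for the process carrying them.
SANDBOX_WEAKENING = ("--no-sandbox", "--disable-gpu-sandbox", "--service-sandbox-type=none")


def by_pid(procs: List[Proc]) -> Dict[int, Proc]:
    return {p.pid: p for p in procs}


def child_type(cmdline: str) -> Optional[str]:
    """Chromium child processes announce their role with --type=<role>."""
    m = re.search(r"--type=(\S+)", cmdline)
    return m.group(1) if m else None


def classify_write(writer: int, target: int, procs: List[Proc]) -> str:
    """'launch' when the writer is the target's parent and the target is a
    --type= child; 'injection' otherwise; 'unknown-target' if the target is
    not in the tree at all."""
    target_proc = by_pid(procs).get(target)
    if target_proc is None:
        return "unknown-target"
    if target_proc.ppid == writer and child_type(target_proc.cmdline) is not None:
        return "launch"
    return "injection"


def triage(writes: List[Tuple[int, int]], procs: List[Proc]) -> Dict[Tuple[int, int], str]:
    return {(w, t): classify_write(w, t, procs) for w, t in writes}


def weakened_sandbox(procs: List[Proc]) -> Dict[int, List[str]]:
    """PIDs whose command line carries a sandbox-weakening flag, with the flags."""
    found = {}
    for p in procs:
        hits = [f for f in SANDBOX_WEAKENING if f in p.cmdline]
        if hits:
            found[p.pid] = hits
    return found


if __name__ == "__main__":
    for pair, verdict in triage(REPORTED_WRITES + CONSTRUCTED_INJECTION, PROCESSES).items():
        print(f"write {pair[0]} -> {pair[1]}: {verdict}")
    for pid, flags in weakened_sandbox(PROCESSES).items():
        print(f"PID {pid} runs with {' '.join(flags)}")
```

On the report's data every reported write comes out as "launch" and only the constructed 116 -> 2756 write is flagged, which is the distinction the raw 64-row table obscures. The sandbox check surfaces exactly the two processes discussed above (3332 and 4376) and would also catch a renderer started with --no-sandbox, which this run does not contain.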
Network
MITRE ATT&CK Enterprise v15
Downloads
- (path not shown) Filesize 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- (path not shown) Filesize 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- (path not shown) Filesize 5KB
  MD5: d6b34e36dde82d023fa29fce8638a14b
  SHA1: 5371fa218276f5549bf9fec00b181e1b301cc777
  SHA256: 4bde8bc18e0f8d2a1fcfa77c39948fe04eaf1ffd4c8f9c708e81c02f445ca85c
  SHA512: bd12f8d0bf84f45ae5b9e560307eb9b8f430286c4ce6eb0c09a6cf135b196ba733bf86bee542cab3faedef9bf47539faee1b867a5369a601398a724e0f4479ec
- (path not shown) Filesize 6KB
  MD5: 87ee04f01956dc9b291d1aaf28a1ef07
  SHA1: 604ce58282c6b30603eb5b040664ae34880cc3d3
  SHA256: 0b41d0dd044b87dc845e2bf6d374a6d6df37295e4e0534b887c71d2d22b4a163
  SHA512: e8bfdce0a000a2800bf4980cf602c42ca63ff98dc2e79ce014df6ba8743f82597308c86bb35b3eecee8989ef6362c1e053f33b3ef436cb59ab1ad9c33141f54d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fbf26676-56d3-4a67-88f1-dc11151ac80c.tmp Filesize 6KB
  MD5: 29f9be513e13a0b731a7d15dcd03dc2a
  SHA1: b1e238704b327e99c6c270b635459fe5a9cdbcd8
  SHA256: 5103f1fa1e3b682d4eb3629c545025c540a86d80f60210e404f2b1b667bbc6f3
  SHA512: 833ae565b93d7b5cc6313a7e035e873110b723a7be8b00489edb23c1a9f771a7d57f8c62ee79df7b009e854c03ddbee34e10093b2404f3abcb2d4594b8d036b3
- (path not shown) Filesize 11KB
  MD5: cc1c525386354caa5dac20fa3c1b7d69
  SHA1: 6a2b8f69b733fcccd510d0136f59287cb9124a4c
  SHA256: 4792b4edf06f2b0bffeae3b6849b44ce9e0c08fb5fd59cf8eecdcb12b8f56ce7
  SHA512: 914fa41fae8e6f8249947663b67e9b20832591de341d1bba55f9ebe90e700d5c5d6cdbacee7b666d92f1adf4c6878a7d4dfd1bc13fb75feca94b6d87cb24de26