Analysis
max time kernel: 145s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 13:14

Static task: static1
Behavioral task: behavioral1
  Sample: 91e9cbf3f4aa5388daf9453ae454bcdf_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 91e9cbf3f4aa5388daf9453ae454bcdf_JaffaCakes118.html
  Resource: win10v2004-20240508-en

General
Target: 91e9cbf3f4aa5388daf9453ae454bcdf_JaffaCakes118.html
Size: 461KB
MD5: 91e9cbf3f4aa5388daf9453ae454bcdf
SHA1: 88ae505eb6b5a4f45ec42250e6c3f8b281b673ca
SHA256: dffc552824ac428a5b86c7cbedf597ed7bcb564ca6dc46278ef34d49d9e678e4
SHA512: ca0467b69e982971c4afd92a8c63f84c7b850d840b098e04f6c4069857b608a9d2072950ed4191c6686b5b37a0f5630232e5afa24d1150e10afe29ee4ee64629
SSDEEP: 6144:SosMYod+X3oI+Y4sMYod+X3oI+Y1sMYod+X3oI+YLsMYod+X3oI+YQ:r5d+X3k5d+X3z5d+X315d+X3+

Malware Config
(none extracted)

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                      | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid  | Process             | count
4060 | msedge.exe          | 2
1072 | msedge.exe          | 2
3444 | identity_helper.exe | 2
1652 | msedge.exe          | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid  | Process    | count
1072 | msedge.exe | 6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid  | Process    | count
1072 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid  | Process    | count
1072 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description                         | pid  | Process    | procid_target | count
PID 1072 wrote to memory of 4788    | 1072 | msedge.exe | 85            | 2
PID 1072 wrote to memory of 1360    | 1072 | msedge.exe | 86            | 40
PID 1072 wrote to memory of 4060    | 1072 | msedge.exe | 87            | 2
PID 1072 wrote to memory of 1376    | 1072 | msedge.exe | 88            | 20
Processes
(child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e9cbf3f4aa5388daf9453ae454bcdf_JaffaCakes118.html
  PID: 1072
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6bb346f8,0x7ffd6bb34708,0x7ffd6bb34718
      PID: 4788

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
      PID: 1360

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
      PID: 4060
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
      PID: 1376

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      PID: 2084

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      PID: 3140

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
      PID: 1948

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
      PID: 3444
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
      PID: 4400

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
      PID: 4660

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
      PID: 4988

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
      PID: 4936

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10982088667406938786,2903204372106093672,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3048 /prefetch:2
      PID: 1652
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 532

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2164
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 56641592f6e69f5f5fb06f2319384490
SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Filesize: 152B
MD5: 612a6c4247ef652299b376221c984213
SHA1: d306f3b16bde39708aa862aee372345feb559750
SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Filesize: 5KB
MD5: 6774420cb002b59fec3bad6c89683aae
SHA1: 9fe69fcc70e28fdba477ffb297ca027b825ef274
SHA256: 56bd316bb1c6d3a669a6c20d443d60d31d56131b8f43d41493bbc6e55b0d0008
SHA512: 2a29f2bd26d33d75a085d4d039cc72b88b4b5160e7181846826c98bec6d54f43bf344648653041be53fa9b2e6cbba7a8be576494ef7f0edf33c7427410d49d43

Filesize: 6KB
MD5: 61eedb350cb565ed258e69daf900f836
SHA1: ed8b5c7f33081fb382ebbe989e3f665f35041b14
SHA256: 64ead88979e5b14f0eda49b85007c7ee0365661bb675ec7691d9b6de789234ac
SHA512: 4cb9ca3e88733a77769bb723a61e85e0f45a3d7aeea17b089198b101ed91fe2e533401bfd30752a96fc49be00b3c8303b715a7e3b391bdb5c5a127131b374c71

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 2e9ad2a0ce3229a99d50502e7146f686
SHA1: 049d6289935ffdb66596278c5b6e6f8d27615be7
SHA256: fff3284cfd31da2710f464505b3176ebbfdc092f962f0a8735ae1a7537f7b2a7
SHA512: 4ede854a8e386252ec29598676ebacfc3ec226260fd978d40b14f27af9c162f9d3a907ac7a39e7b1eae9c598e4068a105084698dbae852c43dcfc9c56b2309e4