Analysis
- max time kernel: 145s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 13:18
Static task: static1
Behavioral task: behavioral1
  Sample: 91ec814ffc1be0bf22acc03ad5f77733_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 91ec814ffc1be0bf22acc03ad5f77733_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 91ec814ffc1be0bf22acc03ad5f77733_JaffaCakes118.html
- Size: 140KB
- MD5: 91ec814ffc1be0bf22acc03ad5f77733
- SHA1: 73543ac86003589898284c84544a254a0cf1081f
- SHA256: d2e8b8136b1146cd067d048b9cdb80059b6356690056b714169c35453077609e
- SHA512: 7d85393f1459cc75b26ced953464bf987bb06c288ed995d1fd8512c9f135b5b3607086356dca3d17049096bf78d64dac76fdc06c055fe74ff0082da5fb4ec2a6
- SSDEEP: 3072:Eif4KELEmrORPCL1VgRUyJBiH1kM2FXkd4B:TELEmE2VO
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  2128   msedge.exe            (2 entries)
  3176   msedge.exe            (2 entries)
  1824   identity_helper.exe   (2 entries)
  4320   msedge.exe            (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid    Process
  3176   msedge.exe            (9 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  3176   msedge.exe            (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  3176   msedge.exe            (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid    Process      procid_target
  PID 3176 wrote to memory of 2124     3176   msedge.exe   83   (2 entries)
  PID 3176 wrote to memory of 1376     3176   msedge.exe   84   (repeated)
  PID 3176 wrote to memory of 2128     3176   msedge.exe   85   (2 entries)
  PID 3176 wrote to memory of 2352     3176   msedge.exe   86   (repeated)
  (64 entries in total; identical rows collapsed above)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3176, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec814ffc1be0bf22acc03ad5f77733_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2124, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1376, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2128, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2352, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4984, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 756, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 532, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5100, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2372, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2648, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1824, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2408, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1528, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3928, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4452, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4320, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,14021555837393206123,8698829351959345395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 2756, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 384, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- Filesize: 935B
  MD5: ec481ecf81ba86f77435b60850c2ec0a
  SHA1: 2ecd1703534526fbbd9b658e0c175d85f70f184e
  SHA256: c5638cc47c9dc32c431aa7f12268f284aa44dd1d49cf556111c514662fc1b8ee
  SHA512: b5f8a5f9e4dcb020cad4612ad06791bc73dab2a548fc0c05016566774fb1f14fcb5967730673d9e2ee801c1e536b48307fc1f39624187ff79b9ab0d5d18a8e5e
- Filesize: 5KB
  MD5: caadac1d9ae4b4f5d34119feec3af592
  SHA1: ad71c506d43fe11b1ddb7f28f1e2d8870c00e4e4
  SHA256: 4d789e4da3b8f8775250b749b39ad0cfaf24da36a7d41937ffd1d6fb3f0be26b
  SHA512: 228ea01eb392f7602e431fc23f46d3c88fa96d1f200d1fe6590a914e89c7974cedafefd121b87d5a3eae7443da0956635bd4e746e43ed81df44d290758035526
- Filesize: 6KB
  MD5: 611ca0eb04aa2f112eebcb3e59942a5e
  SHA1: 104cdd23ea8b33a6be8c1e83b30cb7c10c59d62f
  SHA256: 6cb8b33b65b2dc12fc1b5225972871cb97c0e8f30451c13864c3e3eb35505ae6
  SHA512: 53d5dabdf3072782432a04de19ec5674b8ac1fe2cd38220f997aac696631cab442b8bb6891b50337ea3d03e76d4ad6249f7256529fd10bbd9ab8bd34d939cef2
- Filesize: 6KB
  MD5: 678b7950c9487d69ca4cec42b9f7d183
  SHA1: 83466373529caba1f697bfdf54f322d1e9f1fe6e
  SHA256: 9cb4c8108174a24802bbcb67dbf66a635eadb22b1a8a74466289d9b5e0cdead8
  SHA512: 63d6d0f7a5a40f2c7707a9d03290b1eadf66be64fe0a22020407b91fd05697083d9b14291e72602f1062d77aef67dc43e2fcd8cc4c6c735f2bfac51f4a20b1cb
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 5bfb072497b080a0f4894b53e1f7657f
  SHA1: 917045ff2560041c2cb3fa1b6abfb122423668b0
  SHA256: 729f64a177a654bd304f84d3640699cc4aa3213aa4711030ac3add14c29eb2d4
  SHA512: cf9751c0c2658287f73049ff571df19fb8666d965fcbbb94558c5bdf97d0bbe17385f52b0c7e1c119bae929af6e784db7c154cf7e045342553d2e552ea9210a8