Analysis

max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 13:18
Static task: static1

Behavioral task behavioral1
  Sample: 91ec8a6471c248947c188614fa355bd0_JaffaCakes118.html
  Resource: win7-20231129-en

Behavioral task behavioral2
  Sample: 91ec8a6471c248947c188614fa355bd0_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 91ec8a6471c248947c188614fa355bd0_JaffaCakes118.html
Size: 175KB
MD5: 91ec8a6471c248947c188614fa355bd0
SHA1: 4006785fa20a918ff5b768623a72d24fbdeaa9f9
SHA256: 752b147c1afc34e0542c9d2e0185cdcf7dffd04673df168249343d9019c9156c
SHA512: bd2426c2f3161e586f303c56d63b797964c734a38b2c813f9e5cf602d5ca3f469ed36d269b0a3971babca9e8a02107e08acae1828a933a05b720cf38fc60c605
SSDEEP: 1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3dGNkFCYfBCJisd0+aeTH+WK/Lf1/hmnV+:SOoT3d/FTBCJiEm
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)

  pid   Process              rows
  1216  msedge.exe           2
  2664  msedge.exe           2
  2972  identity_helper.exe  2
  5216  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)

  pid   Process     rows
  2664  msedge.exe  10

Suspicious use of FindShellTrayWindow (25 IoCs)

  pid   Process     rows
  2664  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)

  pid   Process     rows
  2664  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, count in the last column)

  description                       pid   Process     procid_target  rows
  PID 2664 wrote to memory of 3208  2664  msedge.exe  83             2
  PID 2664 wrote to memory of 3124  2664  msedge.exe  84             40
  PID 2664 wrote to memory of 1216  2664  msedge.exe  85             2
  PID 2664 wrote to memory of 648   2664  msedge.exe  86             20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 2664  (top level)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec8a6471c248947c188614fa355bd0_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Children of PID 2664:

  msedge.exe  PID 3208  (crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e7704718

  msedge.exe  PID 3124  (gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

  msedge.exe  PID 1216  (utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 648  (utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

  msedge.exe  PID 4752  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  msedge.exe  PID 3332  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

  msedge.exe  PID 1312  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

  msedge.exe  PID 4948  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

  msedge.exe  PID 4524  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

  msedge.exe  PID 3156  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

  identity_helper.exe  PID 1164  (utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8

  identity_helper.exe  PID 2972  (utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 3060  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

  msedge.exe  PID 4368  (renderer, instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

  msedge.exe  PID 5152  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

  msedge.exe  PID 5160  (renderer, instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

  msedge.exe  PID 5216  (gpu-process, relaunched with the GPU sandbox disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  PID 1828  (top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  PID 4256  (top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  PID 1492  (top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
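The signature tables and the process tree above can be checked against each other before any weight is put on the "suspicious" labels. The script below is an added example, not part of the Triage report and not Hatching's code. It transcribes the report's process tree (parent links taken from the tree depth markers, roles from each command line's --type), the pid-level signature hits, and the 64 WriteProcessMemory rows, then asks the two questions an analyst needs answered: does any write land in a process outside the writer's own subtree, and does any signature fire from a process that is not an Edge binary? The image set EDGE_IMAGES and the three labels are this example's own assumptions. On this report every write goes from the browser process 2664 into a direct child it has just launched (crashpad handler, first GPU process, network and storage utility processes), which is how a Chromium browser process hands bootstrap data to a new helper, and every pid-level hit belongs to msedge.exe or identity_helper.exe; nothing in the report is attributable to the HTML file itself. A constructed write into one of the unrelated CompPkgSrv.exe processes is flagged by the same logic.

```python
"""Cross-check a Triage-style sandbox report's process-level signatures
against the report's own process tree.

Added example; not part of the Triage report and not Hatching's code.
The tree, signature hits and WriteProcessMemory rows are transcribed from
this report; EDGE_IMAGES and the labels are this example's assumptions.
"""
from collections import defaultdict

# (pid, parent pid or None for a top-level process, image, role from --type)
PROCESS_TREE = [
    (2664, None, "msedge.exe", "browser"),
    (3208, 2664, "msedge.exe", "crashpad-handler"),
    (3124, 2664, "msedge.exe", "gpu-process"),
    (1216, 2664, "msedge.exe", "utility/network.mojom.NetworkService"),
    (648,  2664, "msedge.exe", "utility/storage.mojom.StorageService"),
    (4752, 2664, "msedge.exe", "renderer"),
    (3332, 2664, "msedge.exe", "renderer"),
    (1312, 2664, "msedge.exe", "renderer"),
    (4948, 2664, "msedge.exe", "renderer"),
    (4524, 2664, "msedge.exe", "renderer"),
    (3156, 2664, "msedge.exe", "renderer"),
    (1164, 2664, "identity_helper.exe", "utility/winrt_app_id.mojom.WinrtAppIdService"),
    (2972, 2664, "identity_helper.exe", "utility/winrt_app_id.mojom.WinrtAppIdService"),
    (3060, 2664, "msedge.exe", "renderer"),
    (4368, 2664, "msedge.exe", "renderer"),
    (5152, 2664, "msedge.exe", "renderer"),
    (5160, 2664, "msedge.exe", "renderer"),
    (5216, 2664, "msedge.exe", "gpu-process"),
    (1828, None, "CompPkgSrv.exe", "com-server"),
    (4256, None, "CompPkgSrv.exe", "com-server"),
    (1492, None, "CompPkgSrv.exe", "com-server"),
]

# "Suspicious use of WriteProcessMemory": (writer, target, rows), 64 rows in all.
WPM_ROWS = [(2664, 3208, 2), (2664, 3124, 40), (2664, 1216, 2), (2664, 648, 20)]

# pid-only signatures from the report.
SIGNATURE_PIDS = {
    "EnumeratesProcesses": [1216, 2664, 2972, 5216],
    "NtCreateUserProcessBlockNonMicrosoftBinary": [2664],
    "FindShellTrayWindow": [2664],
    "SendNotifyMessage": [2664],
}

EDGE_IMAGES = {"msedge.exe", "identity_helper.exe"}  # assumption: the Edge install


def build_index(tree):
    """pid -> (parent, image, role)."""
    return {pid: (parent, image, role) for pid, parent, image, role in tree}


def is_descendant(index, pid, ancestor):
    """True if `ancestor` appears anywhere on pid's parent chain."""
    seen = set()
    while pid in index and pid not in seen:
        seen.add(pid)
        pid = index[pid][0]
        if pid == ancestor:
            return True
    return False


def classify_write(index, writer, target):
    """child-launch: target is the writer's direct child (browser bootstrapping
    a helper it just created); descendant: deeper in the writer's own subtree;
    cross-process: unrelated or unknown target, the shape injection takes."""
    if target not in index:
        return "cross-process"
    if index[target][0] == writer:
        return "child-launch"
    if is_descendant(index, target, writer):
        return "descendant"
    return "cross-process"


def triage_writes(tree, rows):
    """Return ({label: row count}, [cross-process edges])."""
    index = build_index(tree)
    totals, flagged = defaultdict(int), []
    for writer, target, n in rows:
        label = classify_write(index, writer, target)
        totals[label] += n
        if label == "cross-process":
            flagged.append((writer, target, n))
    return dict(totals), flagged


def unattributed_hits(tree, sig_pids):
    """Signature hits whose process image is not an Edge binary: the only
    hits that could be attributed to the sample rather than to the browser."""
    index = build_index(tree)
    return [(sig, pid, index.get(pid, (None, None, None))[1])
            for sig, pids in sig_pids.items() for pid in pids
            if index.get(pid, (None, None, None))[1] not in EDGE_IMAGES]


if __name__ == "__main__":
    print(triage_writes(PROCESS_TREE, WPM_ROWS))
    print(unattributed_hits(PROCESS_TREE, SIGNATURE_PIDS) or "all hits are Edge processes")
    # Constructed row, not from the report: a write into CompPkgSrv.exe is flagged.
    print(triage_writes(PROCESS_TREE, [(2664, 1828, 1)]))
```

The check is deliberately structural: it does not ask what was written, only whether the parent/child relationship explains the write. A real injection from a browser-hosted payload would show as a cross-process edge, a non-Edge image under the Edge root, or a signature hit on a pid the tree does not contain, none of which this report has.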
Network
MITRE ATT&CK Enterprise v15
Downloads

1. (path not listed)
   Filesize: 152B
   MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
   SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
   SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
   SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

2. (path not listed)
   Filesize: 152B
   MD5: 87f7abeb82600e1e640b843ad50fe0a1
   SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
   SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
   SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

3. C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
   Filesize: 408B
   MD5: a59e64bae28c9e31f6346587a3c63ea8
   SHA1: 556421b7328f2efc5ae26168c3e4df5714b9427a
   SHA256: 740be088b137539f6f9a8130101ff4ffd7af2fbc2d6f6cdf3975f0b63cff1bd1
   SHA512: 5771c526aa403b41cf0666a47f67f355bddcb7dc921ceb238144c3ca8d0b4c6f0f3def424ce7e93416f0f91b0ea8796c66aebdc67289042c209a1de9109075f9

4. (path not listed)
   Filesize: 2KB
   MD5: 0b2509ed7dc02098c90f2c97dea95ca8
   SHA1: 5a4b0b4b86311775f41f12396cec8db1d32d6de2
   SHA256: f7d60c0267665b5a33e078332d1e481035a56d5386d69c468721059f707016f6
   SHA512: b472bee8ad9cbb557d70b82127f7f85ef69b0afa21112f4c2287e395862ed5917039ea4b3573884cc73c0e4ebc793dc7b68ae89bab503e1c8fc2268e4414a367

5. (path not listed)
   Filesize: 2KB
   MD5: 6c88fbff26721b3514eb9136c187fa6c
   SHA1: 44080dca56bf657eccae91e3dcdf40304b780be5
   SHA256: e6641c662460645ce7beebeea7bbf639b1858078ebde39bd0d9fbb45c21d8442
   SHA512: b34597137db07b7a1fd12360553c668cf6d9bc42938f3d9f0c2e86177ba32ebf11346f7305f52b8b96bbe085330c301d221c7f2b919e2df5ad83f6e7574bfa78

6. (path not listed)
   Filesize: 5KB
   MD5: 255c30a52611d03c9ff941ebdebc1970
   SHA1: b4c3863919d3f0f9c3f5c01b0da58c1d4291b8e3
   SHA256: 0bb93cd0dfe59a32e60220be87bf30b3bcc84820ede1ee2cfdf3673f1fc8be64
   SHA512: a5bb6e83c42565d38cc5cc08b4039a980f78482615ceb8bac1cdf6cb78444aa8c63bd36ccfca5677557ba051a4e9a96e9372aa8507158ad302226c2cb3aad79e

7. (path not listed)
   Filesize: 7KB
   MD5: 6d22729702614d6df726c0cac8c39564
   SHA1: 873f3b33603691292328910015ca218b665ff1c8
   SHA256: f787c491921e54fb89567079fac62702b4cb3d4ebce81223d8baaf564221b569
   SHA512: 0a8a7a194fa527ad55b4ee26c175ae90e0f8a22018f0095a701d3adcff6bab7b23a831501738c11b60dac4b8b21146f9f0f415183e28c8681114294ff7b3a87b

8. (path not listed)
   Filesize: 16B
   MD5: 6752a1d65b201c13b62ea44016eb221f
   SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
   SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
   SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

9. (path not listed)
   Filesize: 11KB
   MD5: ee75a62c3a8daa82dc3b887cd6717529
   SHA1: 123651ef4582999aa0b423554127b6e1fe1e287b
   SHA256: dfe5cddedc9f2fde38238e804e545624d182c400386dd4a9bf97d9357abfb764
   SHA512: 5efcf160005becd70c73b91c6b5002ad825f962e6eb748449caba66c218c13e28c2a7029de58f7eb4a9be04a405043d06972fe10a84cf4ec5c9edc1c1475b534