Analysis
- max time kernel: 145s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 13:21
Static task: static1
Behavioral task: behavioral1
  Sample: 91ef9a265cc3a32c4ec6d61e0c62534a_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 91ef9a265cc3a32c4ec6d61e0c62534a_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 91ef9a265cc3a32c4ec6d61e0c62534a_JaffaCakes118.html
- Size: 27KB
- MD5: 91ef9a265cc3a32c4ec6d61e0c62534a
- SHA1: 5af8b987ec6d26dcd38071c2840fde19101325a5
- SHA256: 626a9a796cf6108c161db9070daf9939f67377c879f22f4b21ea9ec5acc06698
- SHA512: beaf0688f12a4b1d498f8fea0ae7f70e1d945a59d4c6f9b3c5354f57395a2c711d398cd94243c273d72344b56c8ce690ad7fcd84dff81ed05873c15f0e99ea40
- SSDEEP: 192:uwvgb5nQunQjxn5Q/nnQieuNnvnQOkEnttdnQTbnhnQ9eIam6l1uUQl7MBOqnYn/:BQ/5tyDu/SwD+s
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | occurrences
  3216 | msedge.exe | 2
  3380 | msedge.exe | 2
  3508 | identity_helper.exe | 2
  1188 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process | occurrences
  3380 | msedge.exe | 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | occurrences
  3380 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | occurrences
  3380 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs; the original table repeats each row many times, so only the distinct rows are shown here)
  description | pid | Process | procid_target
  PID 3380 wrote to memory of 1500 | 3380 | msedge.exe | 83
  PID 3380 wrote to memory of 4084 | 3380 | msedge.exe | 84
  PID 3380 wrote to memory of 3216 | 3380 | msedge.exe | 85
  PID 3380 wrote to memory of 4308 | 3380 | msedge.exe | 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3380)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ef9a265cc3a32c4ec6d61e0c62534a_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4308)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3260)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1488)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1188)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,244007377763560083,7089535321104392904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4636 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 5020)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4592)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
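Every WriteProcessMemory row in the Signatures section is a write from the browser process (PID 3380) into a process that the tree above shows it launched. Chromium-based browsers set up each child's memory during process creation, so that pattern on its own is expected; what a triager actually needs to check is whether any write lands in a process the writer did not spawn. The script below is an added example and not part of the sandbox report: it parses rows copied from the WriteProcessMemory table, takes parent/child relationships from the process tree above, and flags writes into non-children. The row writing into PID 5020 (CompPkgSrv.exe) is constructed here only to show what a flagged event looks like; it does not appear in the report.

```python
"""Correlate the report's WriteProcessMemory IoCs with its process tree.

A Chromium-based browser writes into every child it launches (the broker
prepares the child before resuming it), so a burst of WriteProcessMemory
events from the browser process is expected.  A write into a process the
writer did NOT spawn is the interesting case, and that is what this flags.
"""
import re
from collections import Counter

# Rows copied from the "Suspicious use of WriteProcessMemory" table above.
# Columns: description, pid (writer), Process (writer image), procid_target
# (the sandbox's internal index of the target process, NOT its Windows PID).
# The report repeats each row many times; one copy per distinct pair is kept
# here, plus one duplicate to show that repeats are counted.
WPM_ROWS = """
PID 3380 wrote to memory of 1500 3380 msedge.exe 83
PID 3380 wrote to memory of 4084 3380 msedge.exe 84
PID 3380 wrote to memory of 3216 3380 msedge.exe 85
PID 3380 wrote to memory of 4308 3380 msedge.exe 86
PID 3380 wrote to memory of 4308 3380 msedge.exe 86
"""

# CONSTRUCTED row, not in the report: a write into CompPkgSrv.exe, which the
# browser did not spawn.  Used only to show what a flagged event looks like.
INJECTION_ROW = "PID 3380 wrote to memory of 5020 3380 msedge.exe 90\n"

# (pid, parent_pid, image) from the "Processes" section above.  Top-level
# processes have no parent inside the trace, hence None.
PROCESS_TREE = [
    (3380, None, "msedge.exe"),
    (1500, 3380, "msedge.exe"),
    (4084, 3380, "msedge.exe"),
    (3216, 3380, "msedge.exe"),
    (4308, 3380, "msedge.exe"),
    (3260, 3380, "msedge.exe"),
    (1068, 3380, "msedge.exe"),
    (1064, 3380, "identity_helper.exe"),
    (3508, 3380, "identity_helper.exe"),
    (2940, 3380, "msedge.exe"),
    (4088, 3380, "msedge.exe"),
    (1488, 3380, "msedge.exe"),
    (2712, 3380, "msedge.exe"),
    (1188, 3380, "msedge.exe"),
    (5020, None, "CompPkgSrv.exe"),
    (4592, None, "CompPkgSrv.exe"),
]

ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_wpm_rows(text):
    """Parse table rows into (writer_pid, target_pid, writer_image) tuples."""
    events = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        writer, target, writer_pid_col, image, _target_idx = m.groups()
        if writer != writer_pid_col:
            raise ValueError(f"description/pid column mismatch: {line!r}")
        events.append((int(writer), int(target), image))
    return events


def classify_writes(events, tree):
    """Split writes into those into the writer's own children and all others.

    Returns (expected, cross_process), both Counters keyed by (writer, target).
    A target that never appears in the tree is cross-process as well, since
    the writer provably did not spawn it inside the trace.
    """
    parent_of = {pid: ppid for pid, ppid, _ in tree}
    expected, cross_process = Counter(), Counter()
    for writer, target, _image in events:
        bucket = expected if parent_of.get(target) == writer else cross_process
        bucket[(writer, target)] += 1
    return expected, cross_process


def triage(text=WPM_ROWS, tree=PROCESS_TREE):
    """Summarise the writes; a non-empty 'cross_process' means look closer."""
    expected, cross_process = classify_writes(parse_wpm_rows(text), tree)
    image_of = {pid: image for pid, _, image in tree}
    return {
        "expected": dict(expected),
        "cross_process": {
            pair: {"count": n, "target_image": image_of.get(pair[1], "<not in tree>")}
            for pair, n in cross_process.items()
        },
    }


if __name__ == "__main__":
    print("report rows only:    ", triage())
    print("with constructed row:", triage(WPM_ROWS + INJECTION_ROW))
```

On the report's own rows `triage()` returns an empty `cross_process` map, which is the result to expect from a browser opening a local HTML file; the constructed CompPkgSrv.exe row is the shape of event that would justify pulling the memory dump of the target.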
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4b4f91fa1b362ba5341ecb2836438dea
  SHA1: 9561f5aabed742404d455da735259a2c6781fa07
  SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
  SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
- Filesize: 152B
  MD5: eaa3db555ab5bc0cb364826204aad3f0
  SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
  SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
  SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
- Filesize: 5KB
  MD5: 322c53de73bff42da852d3d65c9ab6b9
  SHA1: 2b43786f8dd020e09b369fb75e22c2fadd102c3e
  SHA256: 11487402e0694fc53fa11b3af4e216146601c3a8020657757ba7feb82c5a486c
  SHA512: d5fb8d72c82dc0c2ff68c3df04f25b4f948194bb88510ddb671343cac76a8da42553d9e3b82e34e09efa75931307dc9fdbaa92f7c5a0de0d11981fe5857ffb74
- Filesize: 6KB
  MD5: 1865b5db780bb0052a93c9c55d3b9b81
  SHA1: d775aa23918ccdaf41e398f788194aa54f15413d
  SHA256: 1b793099addb669550fdabfa55a34198e57b02192a65361fd086716b29ba841b
  SHA512: d5199ba776b2a4aa395c635ac165db69172e7e372446c2b7b6c6240f35e96956f768d3f4028b071934c2044ee0ff7277ebe99d89b5667b1b2f1a3066d02375cf
- Filesize: 6KB
  MD5: 4e72e8c5d8d7826bca825c0c598f507f
  SHA1: 24f364259f4f50dba3e6e982c1ea232d50537421
  SHA256: 9854c2aeff6a264347e601fe2433a5819b4e175c1c63b66042dd7255b3730bee
  SHA512: 109bc2ffae4afa00e667aa207a706ee2341fb88fae84d13a34c1b67e3f027bffa48cb0d87b2b18d8d71116f9d0d092189eb127a22913052e24aa453622e47aa4
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 11KB
  MD5: 0eaa85235f295dd4ad2145839669f48f
  SHA1: 51c8301294549659c00a9b2447a6226f9c5ca16b
  SHA256: 302e3c75e628df86d8197fbaecef50653743f791538487fd04d0cbd9e913cbad
  SHA512: 0e27670b95a89ee40fdc079ece4803df8e35a1b7c4e8454c90415bd1761c104d75cf604e2343224bf96c207f5783a7763f9ebfe35f1497062fb6bbc3052d9fec