Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 13:29
Static task: static1
Behavioral task: behavioral1
  Sample: 91f429aa6675f6313e9ff98e2298c944_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 91f429aa6675f6313e9ff98e2298c944_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 91f429aa6675f6313e9ff98e2298c944_JaffaCakes118.html
Size: 9KB
MD5: 91f429aa6675f6313e9ff98e2298c944
SHA1: b46166e7d5c28a8d95cd90608c207a07291fdc38
SHA256: c337cf6f6b24ba9afef8525511011f9b38af9a6a5d43edf59cceece58c9b47f5
SHA512: 285245de3c3bac9417e207880cc118fcd756ce0652b66c2ed05685aa884a5b1fdbbed6f007c48db2ebe277a18c68489c6d36901e4da9e127eaef29e3d92bcc28
SSDEEP: 192:UHqQjQlEDwjOUqbMZcgXxzW0GFqHATuw/I7:24dAqHATueI7
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1748 | msedge.exe (2 entries)
  3524 | msedge.exe (2 entries)
  3416 | identity_helper.exe (2 entries)
  4768 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3524 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3524 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3524 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3524 wrote to memory of 2724 | 3524 | msedge.exe | 81 (2 entries)
  PID 3524 wrote to memory of 3044 | 3524 | msedge.exe | 82 (repeated)
  PID 3524 wrote to memory of 1748 | 3524 | msedge.exe | 83 (2 entries)
  PID 3524 wrote to memory of 3820 | 3524 | msedge.exe | 84 (repeated)
  (64 entries in total; the rows for targets 3044 and 3820 account for the remaining 60.)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f429aa6675f6313e9ff98e2298c944_JaffaCakes118.html
  PID: 3524
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84b6d46f8,0x7ff84b6d4708,0x7ff84b6d4718
    PID: 2724
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    PID: 3044
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    PID: 1748
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
    PID: 3820
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 988
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 3096
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
    PID: 1668
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
    PID: 3416
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    PID: 3308
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    PID: 4520
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
    PID: 956
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 3304
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6571475694050371293,4237428393684769910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3964 /prefetch:2
    PID: 4768
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2820
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4332
MITRE ATT&CK Enterprise v15
Downloads