Analysis
max time kernel: 149s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-06-2024 01:42
Static task: static1
Behavioral task: behavioral1
  Sample: 934fadd876977f81326f1575ae6c1faf_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 934fadd876977f81326f1575ae6c1faf_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 934fadd876977f81326f1575ae6c1faf_JaffaCakes118.html
Size: 214KB
MD5: 934fadd876977f81326f1575ae6c1faf
SHA1: 603b9f77bf23c10138e4a42f6c4501f441edf372
SHA256: d53ccde05308b4cc05d9cf9d2bffe391ab297c5521018524c898a505f24c336e
SHA512: cea29dfea22993b7dc9fa126130b88287dd6ff72260c21a160a1abd793ac59b6b7a9063ebec0e360d63f7d47937f50cd3cf3dee7bf70ac4b96628539d1582049
SSDEEP: 3072:ZrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJU:dz9VxLY7iAVLTBQJlU
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process
4680  msedge.exe
4680  msedge.exe
5076  msedge.exe
5076  msedge.exe
4868  msedge.exe
4868  msedge.exe
4868  msedge.exe
4868  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
5076  msedge.exe
5076  msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
5076  msedge.exe   (25 entries, all from pid 5076)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
5076  msedge.exe   (24 entries, all from pid 5076)

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target  entries
PID 5076 wrote to memory of 744    5076  msedge.exe  82             2
PID 5076 wrote to memory of 4148   5076  msedge.exe  83             40
PID 5076 wrote to memory of 4680   5076  msedge.exe  84             2
PID 5076 wrote to memory of 2208   5076  msedge.exe  85             20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\934fadd876977f81326f1575ae6c1faf_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 5076

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b3c846f8,0x7ff9b3c84708,0x7ff9b3c84718
    PID: 744

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,582273362550058532,16774934577571327735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
    PID: 4148

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,582273362550058532,16774934577571327735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 4680

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,582273362550058532,16774934577571327735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
    PID: 2208

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,582273362550058532,16774934577571327735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    PID: 4292

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,582273362550058532,16774934577571327735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 2904

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,582273362550058532,16774934577571327735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 4868

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3444

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3784
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 56641592f6e69f5f5fb06f2319384490
SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Filesize: 152B
MD5: 612a6c4247ef652299b376221c984213
SHA1: d306f3b16bde39708aa862aee372345feb559750
SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Filesize: 5KB
MD5: 31b3d388e9d29133fec311168be8fada
SHA1: db410f42f166abe49527cb3abc27e2a4ad29572a
SHA256: a2a047ebc3ed166a072d715852af4f2e43cbf987f9219f6b6d2a4a5756bdef1f
SHA512: 911fc72c146f411b95f61daa1cf5b36b8bc95a1440e69a6e648020abe05b2c9ebb6dcfde799173e005e9e3759ef2220da8d13db92e520facf0a9e8569a8d8c36

Filesize: 6KB
MD5: 55c23aeef90cb1e30d53b4b8c9e94d41
SHA1: 5f22e5039f0b308560386934f283173413f05cae
SHA256: 4aa6ab3e9772a66f74967335e8b4a29989dee7250bd27bc4849dc799d2112bdb
SHA512: 9e880e5243abcd6c7115c480e5185b1ee31775ba59419510cea16772d8f63d768c9aee683dabab5eaaf03d4f1509c385774b0adb06e77e2c22f3de1544cbb706

Filesize: 6KB
MD5: 02698823c387790d8eb26b22a9932bfb
SHA1: 397ebcf10f5281b5e0803be2540e33c311e632f5
SHA256: abbb5f7f172edacfdbb00d426e3f31ac6c6d759e0eae4a6b9667d4726fe869dd
SHA512: cea504eb5040cdf941ecc203fb0757899f6e81c624b92624c4618f79c226055c4436315d4f3959568756f44bbd9e73a6a1be9b6c0ac96f5eb4a9c247548e9542

Filesize: 11KB
MD5: 6aa2a30f93e7faf67fae373db5cacb17
SHA1: e7d478397dd80910623766e79493e84c6bee7b04
SHA256: 122656aafa413569be5bcd6cb203f83a9897b9e2bbfdf23babb847e1ab492263
SHA512: e5004f85389a1e206c7fcb56f2aac460208a11f85bd78d02a179bb86c5445379f3c3a26efd5ab3a5cfe447be91d3cae03cc1fd5e6414dcfae2628aa31d63fb6a