Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/06/2024, 03:44
Static task: static1
Behavioral task: behavioral1
  Sample: 9387520bffc9c735a708b9daf49c91ee_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 9387520bffc9c735a708b9daf49c91ee_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 9387520bffc9c735a708b9daf49c91ee_JaffaCakes118.html
Size: 148KB
MD5: 9387520bffc9c735a708b9daf49c91ee
SHA1: a214c77495c1bf2d2a6e9b791b85b74fa8e1c86d
SHA256: e0e3c8fcf3d4c6daee1b9ce90301dd2fd7e782219f1cd81e0f8c2463dfbfd53f
SHA512: 4a2bfd29dd80f8884caa84c108e6c1342ca8bde047a645323482635aeeb8965de8ed4a9522919b3df81e9a13379780658a04f4f8696b0ca68b60a2361271a7a7
SSDEEP: 3072:QmxfsPYCuiWmMDGqcQ0WzjLScDGCkWjjVnRTIpt7JDvCaSSo71FdsDYsnLxAkIyQ:IMfcQ0WzjLScDGCkWjjVnRTIpt7JDvCx
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
2288 | msedge.exe
2288 | msedge.exe
4888 | msedge.exe
4888 | msedge.exe
2876 | identity_helper.exe
2876 | identity_helper.exe
404 | msedge.exe
404 | msedge.exe
404 | msedge.exe
404 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
4888 | msedge.exe (all 6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
4888 | msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4888 | msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4888 wrote to memory of 2216 | 4888 | msedge.exe | 83
PID 4888 wrote to memory of 3000 | 4888 | msedge.exe | 84
PID 4888 wrote to memory of 2288 | 4888 | msedge.exe | 85
PID 4888 wrote to memory of 4272 | 4888 | msedge.exe | 86
(each of these rows is repeated in the report; 64 entries in total)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9387520bffc9c735a708b9daf49c91ee_JaffaCakes118.html
  PID: 4888
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93be46f8,0x7ffb93be4708,0x7ffb93be4718
    PID: 2216

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
    PID: 3000

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    PID: 2288
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    PID: 4272

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    PID: 3340

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 2128

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
    PID: 4756

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
    PID: 2876
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
    PID: 2016

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
    PID: 2420

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    PID: 2084

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    PID: 5112

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5810585652878689879,5224321324260866748,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 /prefetch:2
    PID: 404
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1524

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3236
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 56641592f6e69f5f5fb06f2319384490
SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Filesize: 152B
MD5: 612a6c4247ef652299b376221c984213
SHA1: d306f3b16bde39708aa862aee372345feb559750
SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8bca314e-dafe-4504-8ff6-e98ef848dda8.tmp
Filesize: 267B
MD5: b3327a1680101296f7ae78a48b3dcde0
SHA1: 31155d0ff69911fbdf5a21585b6acb9a936ff7ea
SHA256: fe6c87249dcff93d04d52714613441d944cd27299a8a945a16080054ff3832c9
SHA512: f66d6f499edd731d5c5376c816995007ae99bf0e6534f4ac730553b4689ce80784b94f7376a3b24f25df0e993721c99855c2d986ac86705dd7e8dfbeb2fc036b

Filesize: 111B
MD5: 807419ca9a4734feaf8d8563a003b048
SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Filesize: 416B
MD5: 317489a67dbb612d4d5b6982e0872a01
SHA1: b6a9a980a1c89a611de3c9d0fe30ae3a7ea78aca
SHA256: a1e7b0c2d5ac62a67a19c31ec029cb6a306e0ae152c41775a082ef58277305b4
SHA512: 5097277fcd80ed6a9b8bde94c2ab1781a14b46abaeeed1fa1074e763531bbbafbcd611f1dcc84315fee5ae538009021096502e849febc11073a77bba3da6137a

Filesize: 5KB
MD5: 8d7a48b2b8323a74bca03aba16bf2714
SHA1: f9477b4fce82772fda3ade818de02dde40cba681
SHA256: 2c02bcb9d0b3d4c07f160f3960a8b8b4ff211a0f916547ddf72674bb99a23a6d
SHA512: 0b4f6224797f0bce36d29fd89bc2425f0b95325812dab2289e3e9ba38304449c70a0c9799e700ffeb6f083c6884aa0e9b99de73c17980c3475e2201a46378e16

Filesize: 6KB
MD5: 4513e40c5152a597fbb15cf7f6b033fd
SHA1: 41d22038d895a2f6117197cf97093edc4a6b5fee
SHA256: ca533ae48142a7437b572aec54a72d6bd02b1695f6e87ac42c75a0ee50946e13
SHA512: 5f4839e25c2d598ec34e30b060133a173ad176ece4be431700b42a480b9531a06f7279ed1047586b9707de0798199d25064174b066f820931678434e31024239

Filesize: 539B
MD5: 66ec1cf5fafe0ddfdafb321628d50b64
SHA1: 8a03c0db3f9f45a10c30b2c7a2586defc014544a
SHA256: 0fb4129c3acade26fed5cef2198ffcff8db5fb47cbc55d9276c14f6b1bb64f22
SHA512: 25934aefecb54d678e3a071505bce4c6324dbee00fcb6ebae3bdd8f2b528eea0b7b31f22147839ff76261d0bfebd426d188ae007848ea9d4df718929df9c8945

Filesize: 371B
MD5: f2beab45d29721f7cb0a525fddd3c340
SHA1: dc8e819408d766d0e4a5e8581d7d09a11ebfc371
SHA256: 0b447fedfcd739620f3b75b703372bf48c51f430ac7fa2316b326a25ef22183a
SHA512: 535a028bc08051b37e67cf9b93aac046072d9b397c03fd6d83cb88d69d1fd6999eda6bf9831987ae8b0707e1f6b5056d9c9539e491421c4241d63ab28914da5a

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
MD5: e299c1357d9e29afa32a9c83bfb541f6
SHA1: ef38108faa46619d52ffaedfeefa2cc53eccb6d0
SHA256: c5cbbcf399d1a533f8640bfc951680c9073b7bae6cd878d5d5edff7d65ec6bc8
SHA512: 522b9fbe6b8209dc362e2c2925e705d97949a16c30ef0516fe0e349cfeb143db21b1efae733e760ad5c63cae79be248d5a0b21c07ca19dd563c74dd4b90769c6