Analysis

max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/06/2024, 13:09

Static task: static1

Behavioral task: behavioral1
  Sample: 94f6666545008b4746d2b47759c8ccf3_JaffaCakes118.html
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: 94f6666545008b4746d2b47759c8ccf3_JaffaCakes118.html
  Resource: win10v2004-20240426-en

General

Target: 94f6666545008b4746d2b47759c8ccf3_JaffaCakes118.html
Size: 70KB
MD5: 94f6666545008b4746d2b47759c8ccf3
SHA1: 51248697ee73ec7c8e15b68c360a13217cb2586d
SHA256: b24bd2d938835954db7d313797081164de52a36f0bec9b57e4eb46a635eec663
SHA512: 8ce95099dabf744ab07b60c032d686dd6a8e2dac3b7740d10c5a5c387e60cbc7a05f61a6e491c2df1cb1eaf55997e0d433b8223812c2e42850170c0cab7299bc
SSDEEP: 768:2Gb/EmuhWK+1jIzB/9qcne3ht/3VqtSSp5CZOabOaqAn0DBqo83ISojgG++cJ4YB:2Gb/E+RIBBe3cHrmOaCpoJ4Fw
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              events
  3972  msedge.exe           2
  4448  msedge.exe           2
  2064  identity_helper.exe  2
  544   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     events
  4448  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     events
  4448  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     events
  4448  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events are PID 4448 (msedge.exe) writing to the memory of the processes it spawned; the distinct targets are:
  description                       pid   Process     procid_target
  PID 4448 wrote to memory of 2136  4448  msedge.exe  81
  PID 4448 wrote to memory of 1484  4448  msedge.exe  82
  PID 4448 wrote to memory of 3972  4448  msedge.exe  83
  PID 4448 wrote to memory of 4908  4448  msedge.exe  84
Processes

Process tree (indentation shows parent/child nesting):

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4448)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\94f6666545008b4746d2b47759c8ccf3_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2136)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1484)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3972)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4908)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3720)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4076)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 1844)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2064)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 736)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3272)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2404)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1924)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 544)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,7013369093748282552,8294308624992785468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2924 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4528)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4548)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads