Analysis
max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-06-2024 05:29
Static task: static1
Behavioral task: behavioral1
  Sample: 974b5386a94db036e348c9d2527f5d7d_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 974b5386a94db036e348c9d2527f5d7d_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 974b5386a94db036e348c9d2527f5d7d_JaffaCakes118.html
Size: 35KB
MD5: 974b5386a94db036e348c9d2527f5d7d
SHA1: d3f7bd1342e33eaf4111922dd237ca6d93153b5b
SHA256: 0e1052bb0ce776210415b354d0ca2b55743f3a1957b7f6b2353f8fdfb428098d
SHA512: 0c7bf0a4f4bb40f3788f969de45d80c2dd4e6b439da704c837dc1a48c5b65a65c32f38bd3302ddbbab1a21c6f9e731b0e843b2f33d5421fda6b8442f0973cb66
SSDEEP: 768:zwx/MDTHk+88hARZZPX8E1XnXrFLxNLlDNoPqkPTHlnkM3Gr6T5Sl6zBy6OxJy6d:Q/NbJxNV2u6SJ/+8GK
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2404  msedge.exe (2 entries)
  3012  msedge.exe (2 entries)
  2016  identity_helper.exe (2 entries)
  224   msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3012  msedge.exe (all 6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3012  msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3012  msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3012 wrote to memory of 3144  3012  msedge.exe  82
  PID 3012 wrote to memory of 2856  3012  msedge.exe  85
  PID 3012 wrote to memory of 2404  3012  msedge.exe  86
  PID 3012 wrote to memory of 820   3012  msedge.exe  87
  (the 64 IoCs are repeated occurrences of these four distinct parent/child pairs)
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\974b5386a94db036e348c9d2527f5d7d_JaffaCakes118.html
  PID: 3012
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb42bc46f8,0x7ffb42bc4708,0x7ffb42bc4718
    PID: 3144

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    PID: 2856

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    PID: 2404
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
    PID: 820

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    PID: 2640

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    PID: 1920

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
    PID: 2244

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
    PID: 2016
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
    PID: 1764

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    PID: 3768

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    PID: 2532

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
    PID: 1032

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,476746388154504164,14273603413632383711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3188 /prefetch:2
    PID: 224
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2296

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4652
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 2daa93382bba07cbc40af372d30ec576
SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Filesize: 152B
MD5: ecdc2754d7d2ae862272153aa9b9ca6e
SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Filesize: 613B
MD5: a1ee26ac275d7768e10253ec97a5fc9f
SHA1: c1b764c7e16fc87c70cf18b6f848ecaacfc7b4c9
SHA256: 88e0f83575928801f38598199d8d96baf27b8aa48869bea56cd07e38722bb32d
SHA512: f3207245799464670d0a1422f1d86773ca58643281862a1153bd394e867d797dbe991359378438ce1e99dcf12edf119edde39457f0dd635ebc4698e2530c895c

Filesize: 6KB
MD5: 0a5590ccf0f3bf1facd5460ba504d7ab
SHA1: 4664df9ef1b9babfe55b4871f34364fcedab9329
SHA256: 58518bafc85f6cabbefb25ed85fb34004acae3d211f265183632252c1e14d325
SHA512: ea1e99686445fa00fd2c671fe1d2acc1a7d4ff0bd6d5fa9efd8b26dcb7664c82997267fbd1be52a8521cacda514dabf08c47dd6f5f1f47afd9455ef0c86ef03a

Filesize: 5KB
MD5: f07455b38c2be62f338b4fac57dd78ef
SHA1: 0c9c477d66aa15131e4e6f3131ec52af1b7d9fe9
SHA256: 4baf611e6b3e6f527cc7deeee3ebbe3c019443c3320f945d7f2796f1dbc8bfbe
SHA512: a85e0ad0f41819b130caf5e81ac195f2b8a2c8dab93c016fed45c0a0cf35d5181c8f22f796f7e567055656fd98efee2010235ac7988b3603af0ede6130628a99

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 5ed7f7d3ab203d3dd678c1d22dad9fe0
SHA1: 062b584b3d7e66999ab3bd0509e2718184fc2e51
SHA256: 1d2b2f05e6245f702d73dacf256232211eb096942a5deb54de6f6b7674584ae9
SHA512: c9e3bcda606371a452d9f153c3ca8ca7dc4aa046423d628b67bb6654977ca2bb761af14b266c74a98e73cedd9122f43bfdcd8e15aeeb84cc9273c406066c1f81