Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/06/2024, 22:31
Static task: static1
Behavioral task: behavioral1
- Sample: 9c2832c17346f8e4b4dcb9b1ec3ae1bf_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 9c2832c17346f8e4b4dcb9b1ec3ae1bf_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 9c2832c17346f8e4b4dcb9b1ec3ae1bf_JaffaCakes118.html
- Size: 19KB
- MD5: 9c2832c17346f8e4b4dcb9b1ec3ae1bf
- SHA1: 6a4e03bb8ff379cd18bde45bf1fbf561183d791e
- SHA256: 3fcac86849a564ad3a2683cad39e44e33fb863746ade14e44e9f14a1d895446d
- SHA512: 092233b78b59621e39be5c5eeb48f597c0aa3ac8c0a0030daac1a1165ef93461f191aac407fd20135d3e5f76f33ccc6b8800c9003b91f6929bc8447d01b2ff16
- SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAI747zUnjBhlf82qDB8:SIMd0I5nO9HpsvlkxDB8
Malware Config
Signatures
- Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses 8 IoCs
  pid   Process
  1640  msedge.exe
  1640  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  4456  msedge.exe
  4456  msedge.exe
  4456  msedge.exe
  4456  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  pid   Process
  2560  msedge.exe
  2560  msedge.exe
- Suspicious use of FindShellTrayWindow 25 IoCs
  pid   Process
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
- Suspicious use of SendNotifyMessage 24 IoCs
  pid   Process
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
  2560  msedge.exe
- Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9c2832c17346f8e4b4dcb9b1ec3ae1bf_JaffaCakes118.html
  PID: 2560
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942d846f8,0x7ff942d84708,0x7ff942d84718
    PID: 544
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,98685541968933843,907222826091339573,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    PID: 3304
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,98685541968933843,907222826091339573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    PID: 1640
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,98685541968933843,907222826091339573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    PID: 3568
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,98685541968933843,907222826091339573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 3732
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,98685541968933843,907222826091339573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 4816
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,98685541968933843,907222826091339573,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
    PID: 4456
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2648
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5016
Network
MITRE ATT&CK Enterprise v15
Downloads