Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-06-2024 20:30
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 9bd730b988761cf7ff2a41f913070e10_JaffaCakes118.html
  Resource: win7-20240508-en
- Behavioral task: behavioral2
  Sample: 9bd730b988761cf7ff2a41f913070e10_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
- Target: 9bd730b988761cf7ff2a41f913070e10_JaffaCakes118.html
- Size: 129KB
- MD5: 9bd730b988761cf7ff2a41f913070e10
- SHA1: 2c86d18888b6f865b4763d0373578732d084aa29
- SHA256: 611b66eabf86c0579ac2be3a688892fd908f3f87e8e5d0d6a73e2d3ee124ffdf
- SHA512: b9078b1e6a9efc20b3809fd45bf9a6b460e17806772de25f9ae287b11490812355bded2dd91e8558a09e40e996b047ad7f8460336b80ac1ee349838562b2f53a
- SSDEEP: 3072:9Hch5aVwGlyfkMY+BES09JXAnyrZalI+YQ:+xzsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes:
    description         ioc                                                                    process
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes:
    pid    process
    2736   msedge.exe   (2 entries)
    2436   msedge.exe   (2 entries)
    2168   msedge.exe   (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  Processes:
    pid    process
    2436   msedge.exe   (3 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes:
    pid    process
    2436   msedge.exe   (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes:
    pid    process
    2436   msedge.exe   (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes:
    description                         pid    process      target process
    PID 2436 wrote to memory of 1012    2436   msedge.exe   msedge.exe   (2 entries)
    PID 2436 wrote to memory of 3056    2436   msedge.exe   msedge.exe   (40 entries)
    PID 2436 wrote to memory of 2736    2436   msedge.exe   msedge.exe   (2 entries)
    PID 2436 wrote to memory of 2788    2436   msedge.exe   msedge.exe   (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2436)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9bd730b988761cf7ff2a41f913070e10_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 1012), --type=crashpad-handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
  - msedge.exe (PID 3056), --type=gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6128509874919330508,16922432025769015815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  - msedge.exe (PID 2736), --type=utility --utility-sub-type=network.mojom.NetworkService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,6128509874919330508,16922432025769015815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2788), --type=utility --utility-sub-type=storage.mojom.StorageService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,6128509874919330508,16922432025769015815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  - msedge.exe (PID 3152), --type=renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6128509874919330508,16922432025769015815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - msedge.exe (PID 3392), --type=renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6128509874919330508,16922432025769015815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - msedge.exe (PID 4936), --type=renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6128509874919330508,16922432025769015815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  - msedge.exe (PID 2168), --type=gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6128509874919330508,16922432025769015815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5044 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 928)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 5076)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 1ac52e2503cc26baee4322f02f5b8d9c
  SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
- Filesize: 152B
  MD5: b2a1398f937474c51a48b347387ee36a
  SHA1: 922a8567f09e68a04233e84e5919043034635949
  SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
- Filesize: 5KB
  MD5: f1d8e70a5ff0d8ca0a923130a60d0e68
  SHA1: 05cf6d0ebfd06a793e662782933b16a5662d66d7
  SHA256: 02f496623861ca3ae1df2f814ad5810d22f598501311e060d9cfeb5a12401808
  SHA512: 7a322dde57237bb311fc370795f65f390f325cc0581eb2fb6f733f4e6698fdb5b2867c7fa658cf1988add812e17498567096c522bb46b8ce85fa9840c3d39234
- Filesize: 6KB
  MD5: d663fc0e0c7cdf391e3a17b440f640db
  SHA1: 4a5bf1398f2438210c771b79046cdda92cd7b724
  SHA256: 63ba9ac3b2aa5412d78ba1270fcb3f14b2c3bb47a6214e18f77d0f9b23c59ee1
  SHA512: dedcfa2b309cac14130737b2dd69d21c95a1ea306c7b0ec80bb88e73f3dd3fe1faea6fb41a7e1adc6e9bcfdbcefeb09554ca9fc6476faac148639b7614189968
- Filesize: 10KB
  MD5: 57edac9e6833582973d5ef2bcab9d42f
  SHA1: 2db749449dbc80d771856a209e603e597c227cda
  SHA256: de1af86626128444057d6ceb7b6e7ed1183812ab16310d6bab1b2bee74b791d8
  SHA512: 0e02a3c6a766ae0814c4a78294485b6567657a7c6d6639148c5935a914b971a6f2cc456dcd841108d5ebadbd71891cf097df1731190e39d0ac385b1d2f0d93e5
- Filesize: (not reported)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: these four digests are the well-known hashes of a zero-byte (empty) file, so this entry carries no content worth matching on.