Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-06-2024 16:57

Static task: static1

Behavioral task: behavioral1
- Sample: bd61833a97526a6e755a9e72a574f9f0_JaffaCakes118.html
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: bd61833a97526a6e755a9e72a574f9f0_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: bd61833a97526a6e755a9e72a574f9f0_JaffaCakes118.html
- Size: 2KB
- MD5: bd61833a97526a6e755a9e72a574f9f0
- SHA1: 08f3a7c4b245bf6c794177d7a9dfb8d193a82acc
- SHA256: adb83d025eb91d0a5900cde42ff804cae849fd40c411071deb2ea50ebf8e0b6b
- SHA512: cfe9e3fc3a4d743635a02505cace55496be488762bc8860291b2958a4fd09afd15e9a65f703f564bd404572b1cd5aac9f1a0e5e17d6f36ad87df1e7aa4ed6a48
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Reading the BIOS manufacturer and product name is a common VM-fingerprinting step, but here every access is made by msedge.exe. HTML and JavaScript content has no registry access, so these reads come from the browser's own hardware and crash-reporting telemetry, not from the sample.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | events
  1424 | msedge.exe | 2
  1556 | msedge.exe | 2
  1936 | identity_helper.exe | 2
  4948 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid | Process | events
  1556 | msedge.exe | 11
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | events
  1556 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | events
  1556 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  pid | Process | target PID | procid_target | events
  1556 | msedge.exe | 1736 (crashpad-handler) | 82 | 2
  1556 | msedge.exe | 3876 (gpu-process) | 83 | most of the remaining 60
  1556 | msedge.exe | 1424 (network.mojom.NetworkService) | 84 | 2
  1556 | msedge.exe | 1564 (storage.mojom.StorageService) | 85 | the rest of the remaining 60
  All 64 writes are made by the browser process (PID 1556) into child processes it launched itself (see Processes below). A Chromium-based browser writes start-up data into the sandboxed children it has just spawned, so parent-to-own-child writes are the baseline for msedge.exe and not by themselves evidence of code injection by the sample. The case worth a second look would be a write into a process outside the browser's own tree, which this report does not show.
Processes
- msedge.exe, PID 1556 (browser process, root)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bd61833a97526a6e755a9e72a574f9f0_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe, PID 1736 (crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8072a46f8,0x7ff8072a4708,0x7ff8072a4718
  - msedge.exe, PID 3876 (gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - msedge.exe, PID 1424 (utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 1564 (utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  - msedge.exe, PID 896 (renderer, client id 6)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - msedge.exe, PID 1716 (renderer, client id 5)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - msedge.exe, PID 2160 (renderer, client id 7)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  - msedge.exe, PID 684 (renderer, client id 8)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  - msedge.exe, PID 5024 (renderer, client id 9)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  - identity_helper.exe, PID 1348 (utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  - identity_helper.exe, PID 1936 (utility: winrt_app_id.mojom.WinrtAppIdService; same command line as PID 1348)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 960 (renderer, client id 11)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
  - msedge.exe, PID 928 (renderer, client id 12, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
  - msedge.exe, PID 3364 (renderer, client id 13, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  - msedge.exe, PID 1392 (renderer, client id 14)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  - msedge.exe, PID 2924 (renderer, client id 15)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  - msedge.exe, PID 2128 (renderer, client id 16)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:1
  - msedge.exe, PID 4948 (second gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled, the software fallback Chromium uses after the first GPU process gives up in a VM without usable graphics hardware)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3558739099187891612,3545785528647439337,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3256 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe, PID 4368 (root, COM server started with -Embedding)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe, PID 3572 (root, COM server started with -Embedding)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
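The WriteProcessMemory signature above fires 64 times, yet every event is the Edge browser process writing into a child it spawned. The script below is an added example, not part of this report or of the sandbox's own tooling: it parses rows in the report's flattened "PID X wrote to memory of Y ..." format together with the "<depth>⤵PID:<pid>" markers of the process list, rebuilds parent/child lineage, and separates parent-to-own-child writes from writes that cross into an unrelated process. The embedded inputs are constructed: the process list is abbreviated to image name and role, the first four write rows reproduce one event per target from this report, and the fifth row (a write into CompPkgSrv.exe, PID 4368) did not occur in the report and is included only so the filter has something to flag.

```python
import re
from collections import Counter

# Constructed input in the report's flattened WriteProcessMemory row format:
# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
# Rows 1-4 reproduce one event per target from the report above. Row 5 is
# constructed (no such write occurred in the report) so an out-of-tree write exists.
WPM_EVENTS = """
PID 1556 wrote to memory of 1736 1556 msedge.exe 82
PID 1556 wrote to memory of 3876 1556 msedge.exe 83
PID 1556 wrote to memory of 1424 1556 msedge.exe 84
PID 1556 wrote to memory of 1564 1556 msedge.exe 85
PID 1556 wrote to memory of 4368 1556 msedge.exe 90
"""

# Constructed process list in the report's own notation: each command line is
# followed by "<depth>⤵PID:<pid>"; depth 1 is a root, depth 2 a child of the nearest
# preceding depth-1 entry. Command lines are abbreviated; PIDs and roles are the
# report's. Note "/prefetch:22⤵" is "/prefetch:2" followed by depth marker "2".
PROCESS_LIST = r"""
msedge.exe --single-argument sample.html1⤵PID:1556
msedge.exe --type=crashpad-handler2⤵PID:1736
msedge.exe --type=gpu-process /prefetch:22⤵PID:3876
msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService2⤵PID:1424
msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService2⤵PID:1564
C:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4368
"""

EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
# Lazy prefix: the depth is the single digit immediately before the arrow, so a
# command line that itself ends in a digit (e.g. /prefetch:2) is split correctly.
PROC_RE = re.compile(r"^(.*?)(\d)⤵PID:(\d+)$")


def parse_process_list(text):
    """Map each PID to its parent PID (None for roots) using the depth markers."""
    parents = {}
    chain = []  # ancestor PIDs; chain[d-1] is the most recent process at depth d
    for line in text.strip().splitlines():
        m = PROC_RE.match(line.strip())
        if not m:
            continue
        depth, pid = int(m.group(2)), int(m.group(3))
        chain = chain[:depth - 1]          # pop back to this entry's parent level
        parents[pid] = chain[-1] if chain else None
        chain.append(pid)
    return parents


def parse_events(text):
    """Return (writer_pid, target_pid, image) for each WriteProcessMemory row."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return events


def triage_writes(events, parents):
    """Split writes by lineage.

    A broker writing into children it has just spawned is how a Chromium-based
    browser brings up its sandboxed processes, so those are counted as expected.
    A write whose target is not a direct child of the writer is returned
    separately as the case worth analyst attention."""
    expected = Counter()      # (writer, target, image) -> number of events
    cross_tree = []
    for writer, target, image in events:
        if parents.get(target) == writer:
            expected[(writer, target, image)] += 1
        else:
            cross_tree.append((writer, target, image))
    return expected, cross_tree


if __name__ == "__main__":
    parents = parse_process_list(PROCESS_LIST)
    expected, cross_tree = triage_writes(parse_events(WPM_EVENTS), parents)
    for (writer, target, image), n in sorted(expected.items()):
        print(f"parent->child  {image} {writer} -> {target}  x{n}")
    for writer, target, image in cross_tree:
        print(f"CROSS-TREE     {image} {writer} -> {target}"
              f"  (target's parent: {parents.get(target)})")
```

Run against this report's full 64-row table the cross-tree list stays empty, which is the quantitative form of the caveat under the signature: the WriteProcessMemory hits are browser start-up noise. Only the constructed fifth row, a write from msedge.exe into a process rooted elsewhere, is reported as cross-tree.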
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: dabfafd78687947a9de64dd5b776d25f
  SHA1: 16084c74980dbad713f9d332091985808b436dea
  SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
  SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b
- Filesize: 152B
  MD5: c39b3aa574c0c938c80eb263bb450311
  SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
  SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
  SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232
- Filesize: 6KB
  MD5: 2a7ab2a854b16aba96539f68999747c6
  SHA1: 8381c866ac9e4e75ce95b4f3cd3eadef2b39ec26
  SHA256: 4802bb7b575dbf0c433f32f1d68e33f71e214a20d1b338a01f73cf208545064a
  SHA512: 8b9dba8ded348213e0e757d4c0ca391d8e6e1cab4191a40dd45aea75c34cc5fcf3571ce3452f85e9c8ffc8f85e0d2e8eab7df19f022177b224ea1475da48346b
- Filesize: 6KB
  MD5: bc007c2b3d9a5764dd9dffa4547cab06
  SHA1: 909c8126b30a7539c3545b38197e13707a01f57d
  SHA256: ed089265885983db05dc277ba4f8069a5d552f8ee4b60a227d3d366e8fbdc085
  SHA512: 679b67b49e3a27e399a9d2031cc1b8ae3babd9098d654b5d3ba8915f74dfc1f419ab88da64bce3b90ba1b5a2b6f77204eef11b48c0e7dda33b519d41d5c09660
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: b63a7eec6296157e5befb28cf569241f
  SHA1: 3283157af0635b82a067d8a6737f36a40030d46e
  SHA256: edf23022438b30bce5bc723cae57bf20719e90603f11615de2820d957fa5a944
  SHA512: ed5943043a96edc8213a3212843a50852f1097b0a913a8f5733f55a11c15dd4e14cbaf41afe8a71da5fb151c7d2b159aee276994cc305694a11fba67e0e910ba