Analysis
max time kernel
145s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted
07-07-2024 01:59
Static task
static1
Behavioral task
behavioral1
Sample
29a8e763e3479728c6147f37b77f3007_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
29a8e763e3479728c6147f37b77f3007_JaffaCakes118.html
Resource
win10v2004-20240704-en
General
Target
29a8e763e3479728c6147f37b77f3007_JaffaCakes118.html
Size
20KB
MD5
29a8e763e3479728c6147f37b77f3007
SHA1
e308c7e6fb315481e84f41a11e675dd6563161ae
SHA256
93a91b86be3e2d178b511e2cd061a58955254b993bfbdf325d424007b1b5629d
SHA512
fc0acc744198efbffe186f5c74ee490cbe6ecb475e8306da85a0739e15935f645c7fef3b54da13db4ef58916803db33c706dad34dcde7cc598d710fe66b245ab
SSDEEP
384:AAaMrF3Ih3DQCDnT9AK4oQG7oTi8hdqp0AACeqb:3n3IFtTT9lQG7oTi8hdqOA5
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4432 | msedge.exe
4432 | msedge.exe
3944 | msedge.exe
3944 | msedge.exe
1220 | identity_helper.exe
1220 | identity_helper.exe
4508 | msedge.exe
4508 | msedge.exe
4508 | msedge.exe
4508 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
3944 | msedge.exe (6 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
3944 | msedge.exe (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3944 | msedge.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3944 wrote to memory of 3912 | 3944 | msedge.exe | 82 (2 entries)
PID 3944 wrote to memory of 2520 | 3944 | msedge.exe | 84 (repeated entries)
PID 3944 wrote to memory of 4432 | 3944 | msedge.exe | 85 (2 entries)
PID 3944 wrote to memory of 5108 | 3944 | msedge.exe | 86 (repeated entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\29a8e763e3479728c6147f37b77f3007_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 3944

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe357f46f8,0x7ffe357f4708,0x7ffe357f4718
  PID: 3912

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
  PID: 2520

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 4432

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  PID: 5108

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  PID: 1736

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  PID: 4480

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  PID: 2724

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 1220

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  PID: 2720

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  PID: 3604

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  PID: 4080

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  PID: 2168

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,15498722796629156130,10687581707958199006,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4352
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
152B
MD5 a27d8876d0de41d0d8ddfdc4f6fd4b15
SHA1 11f126f8b8bb7b63217f3525c20080f9e969eff3
SHA256 d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe
SHA512 8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Filesize
152B
MD5 f060e9a30a0dde4f5e3e80ae94cc7e8e
SHA1 3c0cc8c3a62c00d7210bb2c8f3748aec89009d17
SHA256 c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79
SHA512 af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Filesize
186B
MD5 1458754278f7102f93ffac76f859bd46
SHA1 281850e622652e26ebafd0fd3afd43aff8d68604
SHA256 8799ff47ff6ba85e9758ed3696cb89be62f5907f6bfd6cbd1f65f342c807d498
SHA512 61fd0ba23e1a73af1321d1d3175121886b7f0db82776b415aa7968b083f302975eacde41c8ba2f9ae8e83c9d8ef67fdcedf8c4bfbf8932a93027e2b6caa1b296

Filesize
6KB
MD5 f97583d45dc4f04b248bf2b1850ffc59
SHA1 05e930a9b24bf6f5fac0e5bc5d2436457dfbdf7d
SHA256 c243cd1da97dbc659e8991de7f29657e33e8457807008caa4ccb5163976cbdd1
SHA512 18071b8c2ff6b9463d20564a714d2ca4d99ef55b9e6b56b2603f64c401f73990060042e73a6e5fdf3755aa5c325496f9ea9a08efebc86cdcc6e141ab2d6ba151

Filesize
6KB
MD5 a5e7dd3d739eec02bd7de759027bf655
SHA1 54e75025cedb41a206ce0af9eb61cb9a7b326776
SHA256 505a5a713d1ae5ab153fa2ceed68ce3486fc85fc49977dc4cffd47f136d9cbdc
SHA512 7a7b0efc2f9eab5112ea4c80f424bd288fb64bc76507d8d7b74cf44e1e776ae596e1522d7126dfdc3015085fbad8538f2228287dbc65f19faa08901aa49453c4

Filesize
16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize
16B
MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize
11KB
MD5 de043e6abb9e30cecbceee361fdec8c8
SHA1 33863a5217ad682d012aed418e16995efa2cb483
SHA256 126bf8894ecc3bb705736e816cc4e29f772afaa298c72af912af55846e5bddab
SHA512 39d69a04c1c77a6dc614e148414961b2c943b3660e3a46254d7a30ac38cf7c52fc949470642b219b4ca058c160d1b5b1cd31ee10932ad31cefb2c31e8449c199