Analysis
- max time kernel: 148s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240730-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-08-2024 20:32
Static task: static1
Behavioral task: behavioral1
- Sample: 81c025656f00c434569fe74ff439e335_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 81c025656f00c434569fe74ff439e335_JaffaCakes118.html
- Resource: win10v2004-20240730-en
General
- Target: 81c025656f00c434569fe74ff439e335_JaffaCakes118.html
- Size: 306KB
- MD5: 81c025656f00c434569fe74ff439e335
- SHA1: 4c2756668df4f1097f432d7c2308f472ac246958
- SHA256: 11de0252dac21aa0df55ca179cc58833b98138716647ad8b350f99d0a8bf81d4
- SHA512: daebc689156f407e21fc8d7cd0c603a40beaf084b73d0a6f63d0cc12046917c1dff93d31d5f1bbfdb04a9ffeeb600125c1765704a1d1946cff75851ea7dfa5e4
- SSDEEP: 6144:jExmlleMvyH471tDVF1NJtAgc+zSJvnGep10pcGgsQNCBukhjz:koleVY71tDVF1NznUnGej0pcvsQEBLz
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  columns: description, ioc, Process
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Modifies registry class (8 IoCs)
  columns: description, ioc, Process
  - Key created: \REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children (msedge.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage (msedge.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe (msedge.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children (msedge.exe)
  - Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-857544305-989156968-2929034274-1000\{8125676E-A90F-4E4B-9CC6-A994ACAA3769} (msedge.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 (msedge.exe)
  - Set value (str): \REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" (msedge.exe)
  - Set value (str): \REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  columns: pid, Process
  - 4224 msedge.exe
  - 4224 msedge.exe
  - 4552 msedge.exe
  - 4552 msedge.exe
  - 220 msedge.exe
  - 2572 msedge.exe
  - 2572 msedge.exe
  - 2572 msedge.exe
  - 4044 msedge.exe
  - 4044 msedge.exe
  - 4044 msedge.exe
  - 4044 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  columns: pid, Process
  - 4552 msedge.exe
  - 4552 msedge.exe
  - 4552 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  columns: pid, Process
  - 4552 msedge.exe (all 25 rows are identical)
- Suspicious use of SendNotifyMessage (24 IoCs)
  columns: pid, Process
  - 4552 msedge.exe (all 24 rows are identical)
- Suspicious use of WriteProcessMemory (64 IoCs)
  columns: description, pid, Process, procid_target
  - PID 4552 wrote to memory of 5016 | 4552 | msedge.exe | 83 (2 rows)
  - PID 4552 wrote to memory of 2264 | 4552 | msedge.exe | 85
  - PID 4552 wrote to memory of 4224 | 4552 | msedge.exe | 86 (2 rows)
  - PID 4552 wrote to memory of 3892 | 4552 | msedge.exe | 87
  The remaining 60 rows are repeats of the 2264 (procid_target 85) and 3892 (procid_target 87) entries; every row has pid 4552 and Process msedge.exe.
Processes
- msedge.exe (PID 4552): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81c025656f00c434569fe74ff439e335_JaffaCakes118.html
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 5016): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9713746f8,0x7ff971374708,0x7ff971374718
  - msedge.exe (PID 2264): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  - msedge.exe (PID 4224): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3892): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  - msedge.exe (PID 3824): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - msedge.exe (PID 3012): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  - msedge.exe (PID 220): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2636 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 404): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5232 /prefetch:8
  - msedge.exe (PID 2572): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5596 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4016): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  - msedge.exe (PID 4044): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8485445939478419676,14614524656535630109,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4752): C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 964): C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads