Analysis

max time kernel:  148s
max time network: 154s
platform:         windows10-2004_x64
resource:         win10v2004-20240802-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted:        21/08/2024, 14:58
Static task: static1

Behavioral task: behavioral1
  Sample:   b3ec9bbe5a1bd1d3005083012682fa5f_JaffaCakes118.html
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample:   b3ec9bbe5a1bd1d3005083012682fa5f_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General

Target: b3ec9bbe5a1bd1d3005083012682fa5f_JaffaCakes118.html
Size:   60KB
MD5:    b3ec9bbe5a1bd1d3005083012682fa5f
SHA1:   93936b451500fe36c9d6dbb48522388b02d0420a
SHA256: 422fde839be228d969c401f524fb98265e6b9507698821db4db138431d74d5b8
SHA512: 1d76ca92f7ba7a7b39f393123f0606eb61247ea8b2faf7fd0113d2f0c2ea41fa5a1a6367f3e7cb1b20505d6d25a2b64093efc8eadec824912e41dda2bc655804
SSDEEP: 384:GwG7vAZ1Cym9KnjE5vq1egaf0gkHc/qGTQty0uh/mg3hSdKnJeg5BTrssEAT1nQc:GECy9fGnhgzy4fQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                     Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process              events
4252   msedge.exe           2
1656   msedge.exe           2
2012   identity_helper.exe  2
4944   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid    Process     events
1656   msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process     events
1656   msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process     events
1656   msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid    Process     procid_target  events
PID 1656 wrote to memory of 3232  1656   msedge.exe  84             2
PID 1656 wrote to memory of 1064  1656   msedge.exe  85             40
PID 1656 wrote to memory of 4252  1656   msedge.exe  86             2
PID 1656 wrote to memory of 4216  1656   msedge.exe  87             20
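The WriteProcessMemory rows are the signature most likely to alarm a reader, so the check a reviewer wants is whether each write stays inside the browser's own process tree. Every writer above is the Edge browser process, PID 1656, and every target (3232, 1064, 4252, 4216) is one of its own children under the Edge install directory, which is the pattern a Chromium-based browser produces when it launches and configures its sandboxed child processes; a write into a process outside that tree is what would justify a closer look. The script below is an added example, not part of the report or of the sandbox's tooling: it parses rows of the shape printed in the Signatures table against a process table built from the Processes section and labels each write. The row format, the parent pids (inferred from the tree nesting), the constructed rows and the label names are all assumptions of the example.

```python
"""Triage helper for 'Suspicious use of WriteProcessMemory' IoC rows.

Added example, not part of the sandbox's tooling.  Assumed row shape:
'PID <writer> wrote to memory of <target> <pid> <image> <procid_target>'.
Parent pids in PROCESSES follow the report's tree nesting (an inference).
"""
import re
from collections import Counter

# Constructed input: one row per distinct (writer, target) pair in the report.
WRITE_EVENTS = [
    "PID 1656 wrote to memory of 3232 1656 msedge.exe 84",
    "PID 1656 wrote to memory of 1064 1656 msedge.exe 85",
    "PID 1656 wrote to memory of 4252 1656 msedge.exe 86",
    "PID 1656 wrote to memory of 4216 1656 msedge.exe 87",
]

EDGE_APP = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# Constructed process table (pid, parent pid, image path) from the Processes
# section; depth-2 entries are taken to be children of the depth-1 browser.
PROCESSES = [
    (1656, None, EDGE_APP + r"\msedge.exe"),
    (3232, 1656, EDGE_APP + r"\msedge.exe"),
    (1064, 1656, EDGE_APP + r"\msedge.exe"),
    (4252, 1656, EDGE_APP + r"\msedge.exe"),
    (4216, 1656, EDGE_APP + r"\msedge.exe"),
    (2012, 1656, EDGE_APP + r"\92.0.902.67\identity_helper.exe"),
    (1632, None, r"C:\Windows\System32\CompPkgSrv.exe"),
]

EVENT_RE = re.compile(
    r"^PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<procid>\d+)$"
)


def parse_write_events(lines):
    """Parse IoC rows into (writer_pid, target_pid, writer_image) tuples.

    Rows that do not match the expected shape, or whose pid column disagrees
    with the writer named in the description, are rejected rather than guessed.
    """
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised IoC row: {line!r}")
        if m["writer"] != m["pid"]:
            raise ValueError(f"writer/pid column mismatch: {line!r}")
        events.append((int(m["writer"]), int(m["target"]), m["image"]))
    return events


def classify_write(writer, target, table, trusted_dir=EDGE_APP):
    """Label one cross-process write.

    'browser-child'    target is a direct child of the writer and both images
                       live under the trusted install directory
    'cross-tree'       target exists but is not the writer's child
    'outside-trusted'  parent/child holds but an image lives elsewhere
    'unknown-process'  a pid is missing from the process table
    """
    if writer not in table or target not in table:
        return "unknown-process"
    _, writer_path = table[writer]
    target_ppid, target_path = table[target]
    if target_ppid != writer:
        return "cross-tree"
    # Trailing separator so 'Application' does not also match 'ApplicationX'.
    prefix = trusted_dir.rstrip("\\").lower() + "\\"
    if not (writer_path.lower().startswith(prefix)
            and target_path.lower().startswith(prefix)):
        return "outside-trusted"
    return "browser-child"


def triage(lines, processes):
    """Return {(writer, target): label} for every IoC row."""
    table = {pid: (ppid, path) for pid, ppid, path in processes}
    return {
        (w, t): classify_write(w, t, table)
        for w, t, _ in parse_write_events(lines)
    }


def summarize(labels):
    """Count labels so a reviewer sees at a glance what is left unexplained."""
    return Counter(labels.values())


if __name__ == "__main__":
    result = triage(WRITE_EVENTS, PROCESSES)
    for (writer, target), label in result.items():
        print(f"{writer} -> {target}: {label}")
    print(dict(summarize(result)))
```

On the report's rows every write classifies as browser-child. The same parser applied to a report where the browser writes into a process it did not spawn, or into a child whose image lives outside the install directory, returns cross-tree or outside-trusted for that row, which is the case that deserves manual review.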
Processes

msedge.exe (PID 1656)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b3ec9bbe5a1bd1d3005083012682fa5f_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 3232)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc66c46f8,0x7ffcc66c4708,0x7ffcc66c4718

  msedge.exe (PID 1064)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

  msedge.exe (PID 4252)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4216)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

  msedge.exe (PID 4660)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  msedge.exe (PID 2652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  msedge.exe (PID 3480)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1

  identity_helper.exe (PID 4804)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8

  identity_helper.exe (PID 2012)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2724)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

  msedge.exe (PID 5108)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  msedge.exe (PID 4232)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

  msedge.exe (PID 3880)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

  msedge.exe (PID 4944)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8101727583393775374,1337917045951931796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 1632)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 4856)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5:      e4f80e7950cbd3bb11257d2000cb885e
SHA1:     10ac643904d539042d8f7aa4a312b13ec2106035
SHA256:   1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA512:   2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Filesize: 152B
MD5:      2dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1:     eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256:   dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512:   682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Filesize: 337B
MD5:      26c46f40bff4a2467dbc48caf7d38770
SHA1:     7f6cddee2df566ec577b15a7152eb07c387cbdee
SHA256:   7d0f494f2e7c61ef49b871092c1ad7ab8f138fe84c7c52ed1ffe04f1f89081fc
SHA512:   282943344c242cf0e3f471d57bef98e896f5513b8c3e03c1f7fd13e24662954836125ef1ce3684e79c405d1e4de17d6e0b2b23f7163f9904be520beaff4a69a0

Filesize: 5KB
MD5:      98c2b42828138a2a35ebdc62d612f75d
SHA1:     712069e492cd8a359de1f9479d941834b06e08ea
SHA256:   50087c617b3dc036df1afd6082b90896b2cefbd90c7d79f55ed63566a45e4eac
SHA512:   e201e954d1d878f090fe4bdd8859b90bf9333dcdce7c8aee91cc139c83feff03c95223ccd0ba6c38ff28b4e026fe75acc6b78e925b5c31ec8d8c3b631aa228b7

Filesize: 6KB
MD5:      354a72993450500283f34c527a9afc70
SHA1:     dd556271136e6c4553b7f29170c1be07a0725ab0
SHA256:   e06cc5622b00e9014fe53cd485f62e9aa335e651c1b5c6b5f9bf1debfddb6f7f
SHA512:   f7ae0ae83cfd77e6a43086f17efe4cf9da55eb6d5b5eaaa757d7f7682a7f153949f3a7ca1093249cbfb800112d7bb30216155989db18527f15438b4cfefd148d

Filesize: 16B
MD5:      6752a1d65b201c13b62ea44016eb221f
SHA1:     58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256:   0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512:   9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5:      a1900722a5afb58954c1a65bebf07871
SHA1:     b4dc9acdd2f331d538ca04438c058cedfdc572e5
SHA256:   a8abc14f3bb9bd4861fc552d8b18344b96a041373509b091acf21093baf533aa
SHA512:   fbab35ee44cfef512d017843ca313e3f6349809b8272f2a9b11696611e9744e635c34f45a15d8be38ef36210f653d4b49f9b205534385113322d9efffd32acc9