Analysis

max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-09-2024 08:19
Static task: static1

Behavioral task: behavioral1
  Sample: d17bdd90cd0cc83e5f5be9313914d459_JaffaCakes118.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: d17bdd90cd0cc83e5f5be9313914d459_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General

Target: d17bdd90cd0cc83e5f5be9313914d459_JaffaCakes118.html
Size: 18KB
MD5: d17bdd90cd0cc83e5f5be9313914d459
SHA1: 39cdbed330942afb342152084f71521546d90762
SHA256: ff0e5a753e3410aba6fa823370b22cc6a918859360d68799d790009176615dae
SHA512: 4fb524e98aa6f4d237c5beb6a765b0d2898b30d95dc874c38bfd76e4887d3f8b937078baf0ba4519481409c2705dc0caf253f5c1f8dee8d051fb14568cdfda75
SSDEEP: 192:9K/ypUhTKiq8LTgE9d3M1mMv1jQR2Ah50MlUx9V6cxjb79DXSaiFPiC:4/yoTKixLXfXQQRB8p55iaitiC
Malware Config
Signatures

Every hit below is attributed to the browser's own processes (msedge.exe and its identity_helper.exe component). No process spawned by the HTML sample appears in the process tree, so these signatures describe Edge opening the file, not behaviour of the sample itself.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Reading the BIOS manufacturer and product name is a common VM/sandbox fingerprinting pattern in malware, but here the querying process is the browser itself.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  3636  msedge.exe           2
  3584  msedge.exe           2
  4064  identity_helper.exe  2
  3736  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process     entries
  3584  msedge.exe  7
  This records child processes created with the "block non-Microsoft binaries" signature mitigation policy, which Chromium applies to its sandboxed children; it is a hardening feature of the browser.

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  3584  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  3584  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  entries
  PID 3584 wrote to memory of 4536  3584  msedge.exe  83             2
  PID 3584 wrote to memory of 3144  3584  msedge.exe  84             40
  PID 3584 wrote to memory of 3636  3584  msedge.exe  85             2
  PID 3584 wrote to memory of 1556  3584  msedge.exe  86             20
  procid_target is the target's row index in the process list, not a PID. All four targets are children the browser process (3584) launched itself: the crashpad-handler (4536), the first gpu-process (3144), the network service (3636) and the storage service (1556) listed under Processes. Writing into a freshly created child's memory is part of normal Chromium process launching.
Processes

PID 3584  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d17bdd90cd0cc83e5f5be9313914d459_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 4536  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9c6946f8,0x7ffc9c694708,0x7ffc9c694718

  PID 3144  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

  PID 3636  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  PID 1556  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

  PID 1960  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  PID 3700  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

  PID 2548  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

  PID 1540  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8

  PID 4064  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  PID 3416  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

  PID 1648  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

  PID 1552  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1

  PID 4356  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

  PID 3736  msedge.exe  (level 2, child of 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,9819525939682814527,15766394098366444701,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5932 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    This second gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled, is typical of Chromium's fallback when GPU initialisation fails inside a virtual machine; it is browser behaviour, not the sample's.

PID 1564  C:\Windows\System32\CompPkgSrv.exe  (level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3016  C:\Windows\System32\CompPkgSrv.exe  (level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

The two CompPkgSrv.exe instances are the Windows Component Package Support Server started through COM activation (-Embedding); they sit at level 1, not under the browser, and are not children of the sample.
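The signature tables and the process tree above are rendered as flattened text, which makes the one question that matters for an HTML sample (did the browser hand control to anything outside itself?) hard to answer by eye. The following Python helper is an added example for this page, not part of the report and not the sandbox vendor's code. It rebuilds parent/child links from the depth markers, collapses the repeated "wrote to memory of" rows into counts, and applies two review rules: a WriteProcessMemory call is only flagged when its target is not a Chromium component, and the BIOS registry query is rated informational when the querying process is the browser. The allowlist CHROMIUM_FAMILY and the embedded sample lines (taken from this report with command lines abbreviated and the WriteProcessMemory rows excerpted) are assumptions of the example.

```python
"""Triage helper for the flattened text of a tria.ge-style sandbox report.

Added example, not part of the report above and not the sandbox vendor's code. It rebuilds the
process tree from lines shaped <image><command line><depth>⤵PID:<pid> (depth digit and PID glued
to the command line, as rendered), parses the 'wrote to memory of' IoC table, and applies two
review rules for an HTML sample opened in a browser: (1) WriteProcessMemory from the browser into
its own gpu/renderer/utility children is ordinary Chromium process launching, so only a target
outside the Chromium process family is flagged; (2) reading HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS
is a VM-fingerprinting pattern in malware, but Edge reads those keys itself, so a browser-attributed
hit is rated informational. CHROMIUM_FAMILY and the sample inputs are assumptions of this example.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

CHROMIUM_FAMILY = {"msedge.exe", "identity_helper.exe"}  # assumption: Edge components in this report
PROC_RE = re.compile(r"^(?P<image>.+?\.exe)(?P<cmdline>.*?)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?\s*$")
PID_RE = re.compile(r"^PID:(?P<pid>\d+)")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
REG_RE = re.compile(r"(Key opened|Key value queried) (\\REGISTRY\\\S+) (\S+\.exe)")


@dataclass
class Proc:
    pid: "int | None"
    image: str
    cmdline: str
    depth: int
    parent: "Proc | None" = field(default=None, repr=False)
    signatures: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_process_tree(lines):
    """Link each process to the most recent one at depth-1; attach the signature
    bullets and a trailing 'PID:n' line to the process they follow."""
    procs, last_at_depth, current = [], {}, None
    for raw in lines:
        line = raw.strip()
        if not line or line == "-":
            continue
        if m := PROC_RE.match(line):
            depth = int(m["depth"])
            current = Proc(int(m["pid"]) if m["pid"] else None, m["image"],
                           m["cmdline"].strip(), depth, last_at_depth.get(depth - 1))
            last_at_depth[depth] = current
            procs.append(current)
        elif (m := PID_RE.match(line)) and current:
            current.pid = int(m["pid"])
        elif line.startswith("- ") and current:
            current.signatures.append(line[2:])
    return procs


def parse_wpm(blob):
    """Rows as (source pid, target pid, source image, procid_target)."""
    return [(int(s), int(t), img, int(idx)) for s, t, _, img, idx in WPM_RE.findall(blob)]


def summarize_wpm(rows):
    """Collapse repeated rows: Counter keyed by (source, image, target, procid_target)."""
    return Counter((s, img, t, idx) for s, t, img, idx in rows)


def flag_cross_family_writes(rows, procs):
    """Rule 1: writes whose source or target image is outside CHROMIUM_FAMILY,
    or whose target PID is missing from the tree."""
    by_pid = {p.pid: p for p in procs if p.pid is not None}
    findings = []
    for (src, img, dst, _), n in sorted(summarize_wpm(rows).items()):
        tname = by_pid[dst].name if dst in by_pid else "<unknown>"
        if not (img.lower() in CHROMIUM_FAMILY and tname in CHROMIUM_FAMILY):
            findings.append(f"{img} ({src}) wrote to {tname} ({dst}) x{n}")
    return findings


def rate_registry_hits(blob):
    """Rule 2: (severity, process, action, key) per registry IoC row."""
    return [("info" if proc.lower() in CHROMIUM_FAMILY else "review", proc, action, key)
            for action, key, proc in REG_RE.findall(blob)]


def triage(proc_lines, wpm_blob, reg_blob):
    procs, rows = parse_process_tree(proc_lines), parse_wpm(wpm_blob)
    return {"processes": procs, "wpm_summary": summarize_wpm(rows),
            "wpm_findings": flag_cross_family_writes(rows, procs),
            "registry": rate_registry_hits(reg_blob)}


# Constructed from the report's process tree and IoC tables: command lines abbreviated,
# WriteProcessMemory rows excerpted, depth markers and PIDs exactly as rendered.
EDGE = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
PROCESS_LINES = [
    f'{EDGE}"{EDGE}" --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\d17bdd90cd0cc83e5f5be9313914d459_JaffaCakes118.html1⤵',
    "- Enumerates system info in registry", "- Suspicious use of WriteProcessMemory", "PID:3584 -",
    f'{EDGE}"{EDGE}" --type=crashpad-handler /prefetch:72⤵PID:4536',
    f'{EDGE}"{EDGE}" --type=gpu-process /prefetch:22⤵PID:3144',
    f'{EDGE}"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:32⤵',
    "- Suspicious behavior: EnumeratesProcesses", "PID:3636",
    f'{EDGE}"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:82⤵PID:1556',
    "C:\\Windows\\System32\\CompPkgSrv.exeC:\\Windows\\System32\\CompPkgSrv.exe -Embedding1⤵PID:1564",
]
WPM_BLOB = ("description pid Process procid_target "
            "PID 3584 wrote to memory of 4536 3584 msedge.exe 83 PID 3584 wrote to memory of 4536 3584 msedge.exe 83 "
            "PID 3584 wrote to memory of 3144 3584 msedge.exe 84 PID 3584 wrote to memory of 3144 3584 msedge.exe 84 "
            "PID 3584 wrote to memory of 3144 3584 msedge.exe 84 PID 3584 wrote to memory of 3636 3584 msedge.exe 85 "
            "PID 3584 wrote to memory of 1556 3584 msedge.exe 86")
REG_BLOB = ("description ioc Process "
            "Key opened \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS msedge.exe "
            "Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer msedge.exe "
            "Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName msedge.exe")

if __name__ == "__main__":
    result = triage(PROCESS_LINES, WPM_BLOB, REG_BLOB)
    for p in result["processes"]:
        print("  " * (p.depth - 1) + f"{p.pid} {p.name} (parent {p.parent.pid if p.parent else '-'})")
    print("WriteProcessMemory findings:", result["wpm_findings"] or "none")
    for sev, proc, action, key in result["registry"]:
        print(f"[{sev}] {proc}: {action} {key}")
```

Run against this report the helper reports no WriteProcessMemory finding, because every target PID resolves to an msedge.exe child of 3584, and rates the three BIOS registry rows as informational. The same two rules would flag a write into any PID that is absent from the tree or whose image is outside the allowlist, which is the case worth a human look when an HTML sample is opened in a browser.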
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
  Filesize: 152B
  MD5: e4f80e7950cbd3bb11257d2000cb885e
  SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
  SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
  SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

File 2
  Filesize: 152B
  MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
  SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
  SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
  SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

File 3
  Filesize: 1KB
  MD5: c8133adaf499b6b4dd1e5face3189436
  SHA1: a440e856ff15f68573abca1b97e96859c441eb9a
  SHA256: b2b5f4c1895b8a5bd3afbec8db02c1f4ffa7f09e8cadb45779d6e14f6a5e99bd
  SHA512: 17626927e1569100f6f420a5e329e21a3c93c95c45f23e7341e49d5235e15462f8e1efbf991ea4f3b1354c0557c0a53c6980b6ea2a85d20010e2d38e837bc2a5

File 4
  Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

File 5
  Filesize: 5KB
  MD5: 1061cb1513989e40f3eefe743913b1eb
  SHA1: 91dff523766e2eb93fac3aded5ccbca7b38ae0b3
  SHA256: 68edabf90013b9a1c731ea188f559a77ad56d97233d97fb7f1d0ee5f43266ba7
  SHA512: 91ae51b7c11939d796d24681d871ff465dbb3b765ee6d1335833d871a079a07af206c61c83349abc7b215a3a8c67449795da4adf3d404b83888d7f56107a9cc5

File 6
  Filesize: 6KB
  MD5: 6d60c3a91d67d53136c0204f52b9e014
  SHA1: 166e328343b6415f6c506f4b0b020c3852ad6554
  SHA256: e12b3ef0a1a1d679e5f51a0709402e6d05f30945dd3f28a1c59d0f8b76a77d6b
  SHA512: 59ec77d9f3b5b736f12dcbe5cbc788420190a77e728cd7f103875875cae36da21b6f28fb39c3f30add4298f231dfc1a874b1a34cca234572d9fb5988cf8aa554

File 7
  Filesize: 6KB
  MD5: ee0a2680c794405ff6092a7b5a65d114
  SHA1: b119b88ef7ec67819eac8f2dedab8110ae6a6157
  SHA256: 30d0920a5e0a4abfbbec1a8adf0be52d5a0c1da9d9e6cbf258174db36fc6b0d0
  SHA512: cdd3426752d4ab8cb8241b4d1ae09bd452185bdee9cb03f9a8c59445704fb3a2f1c8c7bc70c6b319c31049fd812b8d9628508521397f3d410b3bf4014e0f61b4

File 8
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File 9
  Filesize: 10KB
  MD5: 994208fbc6e942851efadba25e62da4d
  SHA1: 0cc251524949581a918fb08a6bd26a476f47ac6d
  SHA256: 84b5d49dc51d33ad1fc5915a20754540672c76e6ade2cbe89dffb0c3abc5f699
  SHA512: 6ed1ffbb10dec2bf009eae295b455a520b5dab9e218292000382d3be3e383b4e002d6303faff7bf21f2598bddd5c3f7b8a70b209a86e6ce041bff94f6eb236a9