Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-09-2024 17:48

Static task: static1
Behavioral task: behavioral1
  Sample: de99e5b17a96eee75b373685dec83da0_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2 (this report)
  Sample: de99e5b17a96eee75b373685dec83da0_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: de99e5b17a96eee75b373685dec83da0_JaffaCakes118.html
Size: 36KB
MD5: de99e5b17a96eee75b373685dec83da0
SHA1: 672c8ed2bea7b900b67172969dfe85d098b4244f
SHA256: f3700d1129c8eefc8d3ada1b624850d6bc3dbc5ffc3691a4d61cc48cab34c704
SHA512: 951e2aac804c2e630730ca614b9f58b9d921f4268bf5bf0b35e33a9a2ca66d9d2d0df8ef1054cf7f56d42f391ea6377e27f064809a7c1dee33633f8a6210d9e3
SSDEEP: 768:zwx/MDTHH/88hARvZPXmE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6Tsdi6f9U56lLRc4:Q/HbJxNVpufS6/s83K
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    process              hits
  4768   msedge.exe           2
  4100   msedge.exe           2
  456    identity_helper.exe  2
  1676   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    process     hits
  4100   msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    process     hits
  4100   msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process     hits
  4100   msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    process     procid_target  hits
  PID 4100 wrote to memory of 4056   4100   msedge.exe  83             2
  PID 4100 wrote to memory of 3540   4100   msedge.exe  84             40
  PID 4100 wrote to memory of 4768   4100   msedge.exe  85             2
  PID 4100 wrote to memory of 2972   4100   msedge.exe  86             20
  (procid_target is the sandbox's internal index of the target process, not its PID; every write originates from the browser process 4100 and lands in a child it launched)
Processes

msedge.exe, PID 4100 (top level; opens the sample)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de99e5b17a96eee75b373685dec83da0_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe, PID 4056 (child of 4100, crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc8c046f8,0x7ffdc8c04708,0x7ffdc8c04718

  msedge.exe, PID 3540 (child of 4100, gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

  msedge.exe, PID 4768 (child of 4100, utility: network service, unsandboxed)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 2972 (child of 4100, utility: storage service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

  msedge.exe, PID 500 (child of 4100, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

  msedge.exe, PID 4716 (child of 4100, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  identity_helper.exe, PID 1272 (child of 4100, utility: WinRT app-id service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

  identity_helper.exe, PID 456 (child of 4100, utility: WinRT app-id service; same command line as PID 1272)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 1224 (child of 4100, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

  msedge.exe, PID 1100 (child of 4100, renderer, instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

  msedge.exe, PID 5056 (child of 4100, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

  msedge.exe, PID 2968 (child of 4100, renderer, instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

  msedge.exe, PID 1676 (child of 4100, gpu-process relaunched with the GPU sandbox disabled and GL off)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17913787224307651347,1301591722854754480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe, PID 1752 (top level, COM surrogate)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe, PID 2364 (top level, COM surrogate)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
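Everything flagged above is raised by msedge.exe or identity_helper.exe, not by anything the HTML itself spawned: the WriteProcessMemory hits are the browser process (PID 4100) setting up the crashpad, GPU, network-service and storage-service children it launched, the BIOS registry reads are the browser querying hardware identity, and the remaining signatures are ordinary Chromium child-process and shell-window activity. The report shows no process outside the Edge tree except two CompPkgSrv.exe COM surrogates, so the interesting question when reading a browser report like this one is whether any child deviates from that model. The script below is an added example, not part of the report or of Triage; it rebuilds the process list from the report (command lines abbreviated, parent PIDs assumed from the report's nesting, write-event counts taken from the signature table) and flags a child that is not an Edge binary, an Edge child with an unexpected `--type=`, or a cross-process write that is not the browser process writing into its own child. The set of expected child types is the four seen here and is an assumption to extend.

```python
import re
from collections import Counter

# Edge's install directory as it appears in the report.
EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
SYSTEM32 = r"C:\Windows\System32"

# Chromium child-process types a browser launch is expected to spawn.
# Assumption: the four types seen in this report; extend as needed.
EXPECTED_CHILD_TYPES = {"renderer", "gpu-process", "utility", "crashpad-handler"}

# Constructed from the report's process list: (pid, parent_pid, command line).
# Command lines are abbreviated; parent PIDs are an assumption taken from the
# report's nesting (top level vs. spawned by msedge.exe PID 4100).
PROCESSES = [
    (4100, None, f'"{EDGE_DIR}\\msedge.exe" --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\de99e5b17a96eee75b373685dec83da0_JaffaCakes118.html'),
    (4056, 4100, f'"{EDGE_DIR}\\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data" /prefetch:7'),
    (3540, 4100, f'"{EDGE_DIR}\\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2156 /prefetch:2'),
    (4768, 4100, f'"{EDGE_DIR}\\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (2972, 4100, f'"{EDGE_DIR}\\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (500, 4100, f'"{EDGE_DIR}\\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:1'),
    (4716, 4100, f'"{EDGE_DIR}\\msedge.exe" --type=renderer --renderer-client-id=5 /prefetch:1'),
    (456, 4100, f'"{EDGE_DIR}\\92.0.902.67\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService /prefetch:8'),
    (1676, 4100, f'"{EDGE_DIR}\\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    (1752, None, f"{SYSTEM32}\\CompPkgSrv.exe -Embedding"),
]

# The report's 64 WriteProcessMemory IoCs as (source pid, target pid), using
# the per-target counts from the signature table (2 + 40 + 2 + 20).
WRITE_EVENTS = ([(4100, 4056)] * 2 + [(4100, 3540)] * 40
                + [(4100, 4768)] * 2 + [(4100, 2972)] * 20)


def executable(cmdline):
    """Image path: the quoted first token, or the bare first token."""
    m = re.match(r'"([^"]+)"', cmdline)
    return m.group(1) if m else cmdline.split()[0]


def child_type(cmdline):
    """Value of Chromium's --type= switch, or None for the browser process."""
    m = re.search(r"--type=([A-Za-z0-9-]+)", cmdline)
    return m.group(1) if m else None


def under(path, directory):
    """Case-insensitive 'path lives below directory' check."""
    return path.lower().startswith(directory.lower().rstrip("\\") + "\\")


def classify(parent, cmdline, by_pid):
    exe = executable(cmdline)
    if parent is None:
        if under(exe, EDGE_DIR) and child_type(cmdline) is None:
            return "browser-main"
        if under(exe, SYSTEM32):
            return "system"
        return "unexpected-toplevel"
    parent_cmd = by_pid.get(parent)
    if parent_cmd is None or not under(executable(parent_cmd), EDGE_DIR):
        return "unexpected-parent"
    if not under(exe, EDGE_DIR):
        return "unexpected-child:non-edge-binary"  # e.g. a script host spawned by the browser
    t = child_type(cmdline)
    if t in EXPECTED_CHILD_TYPES:
        return f"edge-child:{t}"
    return f"unexpected-child:type={t}"


def triage(processes, write_events):
    by_pid = {pid: cmd for pid, _, cmd in processes}
    parent_of = {pid: parent for pid, parent, _ in processes}
    labels = {pid: classify(parent, cmd, by_pid) for pid, parent, cmd in processes}
    unexpected = sorted(pid for pid, label in labels.items() if label.startswith("unexpected"))
    # A cross-process write is browser noise only when the browser process writes
    # into a child it launched itself; anything else deserves a look.
    bad_writes = sorted({(src, dst) for src, dst in write_events
                         if labels.get(src) != "browser-main" or parent_of.get(dst) != src})
    return {"labels": labels, "unexpected": unexpected, "bad_writes": bad_writes,
            "write_counts": dict(Counter(write_events))}


if __name__ == "__main__":
    result = triage(PROCESSES, WRITE_EVENTS)
    for pid, label in result["labels"].items():
        print(f"{pid:>5}  {label}")
    print("unexpected processes:", result["unexpected"] or "none")
    print("writes outside parent->child:", result["bad_writes"] or "none")
```

Run against the report's own process list this returns no unexpected processes and no out-of-tree writes, which is the expected outcome for a browser opening an HTML file. A non-Edge binary under PID 4100 (a script host, an LOLBin, a dropped executable) or a WriteProcessMemory from a renderer or utility process into another PID would be flagged, and those are the cases worth an analyst's time.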
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1, 152B
  MD5:    e4f80e7950cbd3bb11257d2000cb885e
  SHA1:   10ac643904d539042d8f7aa4a312b13ec2106035
  SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
  SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

File 2, 152B
  MD5:    2dc1a9f2f3f8c3cfe51bb29b078166c5
  SHA1:   eaf3c3dad3c8dc6f18dc3e055b415da78b704402
  SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
  SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

File 3, 614B
  MD5:    ba2ec59cc367b6d0245f8d48d3a6a69a
  SHA1:   66665aa6c357ecd113d28e808de0e85571874f8d
  SHA256: a69c09f09f2d254fdf586db800777c277804f4327053e046349cbd167a03e51e
  SHA512: 4a575152a48604c1683f08c818c1efc767ba722f1d8c0f7d905c9eb7a136afced566b6e03e530928af5a8e6188c8dd95f467d4d33f8ef7ad00b8b4030ad68cb4

File 4, 5KB
  MD5:    7e09acd59deab9a139828c60172b6dab
  SHA1:   08be279cee7fe8d9262d01119acd0190cb700099
  SHA256: b746f49a4fa8114ede416ffbfefb1961a2f4dae7c3d4750e186faec3103702a0
  SHA512: bdb8429472c3547636c834f50ad9634909cd724389d3bd90e1da768d12cdfc85263265be27d184acef944418d44544fb36f8c7d03797a8033aed518e74198625

File 5, 6KB
  MD5:    343c204262cb4f5f4c4664ef46104a45
  SHA1:   d119340285d2cf5b185a02df4ad9634e6b09d79d
  SHA256: 9ea94180c86b3bec65c4a56aefa9fa775ec45ae4050c536cb5cb2a734819d850
  SHA512: b29b32f0efa0ba50ecb9ce7cff409f3426ebd4181fd7a065009d6de2c1224ef6aa1ac3f9b7232608d6a1dec8421b85ab0e738ca8483be5d4f3bf9b8ae30e1702

File 6, 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File 7, 10KB
  MD5:    70f0b0608f3f099f97534a428a43f33c
  SHA1:   1790bbe9b58565bf71714543accb4c45b55063d8
  SHA256: 19f34e02023814b10d743be1db0ba136d7fd6bfd9a9671717a65ba3cf0cd9a9f
  SHA512: e175a20cd8ae0533e140a0cd49361a366bd8a712271b6726829144e5c595b576e3e4213342aa60ea375769367f108e15e5ec1052b8d4aa8e185d3aec01fd3120