Analysis
-
max time kernel
100s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted
19/09/2024, 03:39
Static task
static1
Behavioral task
behavioral1
Sample
ea844483ca3b0b18b63d33f2d2fc21cf_JaffaCakes118.html
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
ea844483ca3b0b18b63d33f2d2fc21cf_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
ea844483ca3b0b18b63d33f2d2fc21cf_JaffaCakes118.html
-
Size
346KB
-
MD5
ea844483ca3b0b18b63d33f2d2fc21cf
-
SHA1
efdf15a0da211c4653f1145a99704f198057fc7f
-
SHA256
51abf90dbffa97b18ebcf10641552c596b8ebb3356552088db9c3d2e2ed8c72b
-
SHA512
80b69c38c79f37dbcbb0ff167bcf20ca8cb8559b2902f2a9b2f726597353442d8bda3c80c4d9402140141cfa9c43b930599e1343123af0f03db088f5633e88e5
-
SSDEEP
6144:5pC3jLc3r+q3HLJ/oFoQmGpayFzop4BPT8OqcFbYXnIjIF7VgI4A33KftWRwurFA:XC3jLc3r+q3HLJ/oFoQmGpayFzop4wZ4
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid    Process
1084   msedge.exe
1084   msedge.exe
1820   msedge.exe
1820   msedge.exe
1952   identity_helper.exe
1952   identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid    Process
1820   msedge.exe   (all 8 entries are identical)
Suspicious use of FindShellTrayWindow 26 IoCs
pid    Process
1820   msedge.exe   (all 26 entries are identical)
Suspicious use of SendNotifyMessage 24 IoCs
pid    Process
1820   msedge.exe   (all 24 entries are identical)
Suspicious use of WriteProcessMemory 64 IoCs
description                          pid    Process      procid_target
PID 1820 wrote to memory of 4376     1820   msedge.exe   82
PID 1820 wrote to memory of 880      1820   msedge.exe   83
PID 1820 wrote to memory of 1084     1820   msedge.exe   84
PID 1820 wrote to memory of 732      1820   msedge.exe   85
(each row above is repeated in the original listing, once per recorded write; 64 entries in total)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea844483ca3b0b18b63d33f2d2fc21cf_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1820

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3c4146f8,0x7ffe3c414708,0x7ffe3c414718
        PID:4376

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        PID:880

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses
        PID:1084

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
        PID:732

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
        PID:3612

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
        PID:3060

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
        PID:3644

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses
        PID:1952

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
        PID:1132

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
        PID:4036

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
        PID:2888

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
        PID:3276

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
        PID:4152

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15931043261471475310,13845400373470460615,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
        PID:4160

C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:2728

C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:1672
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5 111c361619c017b5d09a13a56938bd54
SHA1 e02b363a8ceb95751623f25025a9299a2c931e07
SHA256 d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512 fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
-
Filesize
152B
MD5 983cbc1f706a155d63496ebc4d66515e
SHA1 223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256 cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512 d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
-
Filesize
1KB
MD5 acd26da9d6944025c0c2898edc099407
SHA1 4c25eaf2fda4c9a77c049f8a2b0fc818a8d443d2
SHA256 743aae8f383ef2e13fa513319a7314ce4b28265b2193b3e31a182fa12ba89a0a
SHA512 97fd8fd6e344b89abbea4c805079af7be87314c1682e735ce03c4f734c32b9710b306b1ce060785482bcb9c2790fe6b51a44ebdf49d2823be7f990347f3ef57e
-
Filesize
7KB
MD5 8bf1202f6c8df6af03dda60ce1d0add0
SHA1 1b15eac8efd026d674ab50b342ee7245f32bd456
SHA256 042d36ba2530b7a4385964610ba854c34aeb7508ba990e40e4d85d6103529881
SHA512 46adfb327c5f008b4ff715e394d43548ee254b0d9563508470be4750ccfd2a73498d2822c55a3a34bdfc7b04bad8511efb610550e796c15420fdc9402139a743
-
Filesize
5KB
MD5 78da709debbb81e81a68638f0bfa158e
SHA1 9005911c9bb08154c5793b31259899436fec2fd5
SHA256 591a1fde4716ab91beb8bfa7ffeabc755171e7d615853e64f542f994963e0a68
SHA512 ea9b4f2cfa09ed1ed8bf4b13278ccaa9beadbcfafd69911bfede2d462103f860431cd3205dd29fab63bfb18110dc1c4d026ed57799e5490cb34b9c476ab25246
-
Filesize
6KB
MD5 9938f4a3f1ae7be9f54d5e75cd395e6b
SHA1 39f9b088508c967b56359ca8d1a188c5563de9c0
SHA256 bb4faf0033a891842e7ab351a336c9907c2f54c8e05912ac2114b19f53f33af2
SHA512 6d3d69a6146e15b5aa359c6d0bfd131fb6f5e3bf87dc6ec17493e7637f02408732ca77ac4bf015287dc9980d58a8f64d75edacb15fa4cbe8998ad526df1bfa08
-
Filesize
16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5 e67284724069aced0a47abcaca4c4243
SHA1 9f778dbf21697bd4b8e6197ee14017441065e90c
SHA256 4aad3359f2391fb707e28cd26bd933500fde40b85bffe1aaabe096e66498d97a
SHA512 57ec8d6c264e091eeb132441401b76c7321dfa92b67312becfb270b58c4770a8e9fff3db1e32b92216fde22a272d6c82d8a464e40e1d6afb460a81656574af77
-
Filesize
10KB
MD5 e8924a8cd8f455794b70894ddf2f6217
SHA1 d7b7cc421daaf3d53bc8a8ab524541f111e2a4bb
SHA256 241192cd2ef84938b184a86cda574ce524cfbb799c183b3507a89f40f4d47ce0
SHA512 3353d0f9c5bfab5812b2f1f33da64aa18220b2621923781955372ba7b1c878adab27129702933ba037aac7c08671d96dfb30288c5ea760789cb1cf692d0b046e