Analysis
- max time kernel: 146s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/09/2024, 02:09
Static task: static1
Behavioral task: behavioral1
- Sample: fd97f7ef7a31256f36ac563354d95390_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: fd97f7ef7a31256f36ac563354d95390_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: fd97f7ef7a31256f36ac563354d95390_JaffaCakes118.html
- Size: 62KB
- MD5: fd97f7ef7a31256f36ac563354d95390
- SHA1: b1cc8ba13117e3da2276f96ee5dce234777d0c91
- SHA256: e39b4adad66d3fc001474ac0476bc9a6f3a8676f312a0e58709d365b4fe093b3
- SHA512: a091911ad28ebc5145431253eab9a6b4a610c306ce16e3ea82cc16f57966441bc07139c6205f94370157e5300a798351a908cd08347f2238ddd2d54ac160c5ce
- SSDEEP: 768:/x/RTPtO8a/zHyJoeA8DsagtSsYiLuNruca/OMBWVlPnjbyFdH:/TA2VDs9Vq5TSWVlPnjbyFdH
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  - pid 2868, msedge.exe (2 rows)
  - pid 4300, msedge.exe (2 rows)
  - pid 1896, msedge.exe (4 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  - pid 4300, msedge.exe (3 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid 4300, msedge.exe (25 identical rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid 4300, msedge.exe (24 identical rows)
- Suspicious use of WriteProcessMemory (64 IoCs; the 64 rows repeat the four entries below)
  - PID 4300 wrote to memory of 3460 (pid 4300, msedge.exe, procid_target 82): 2 rows
  - PID 4300 wrote to memory of 4776 (pid 4300, msedge.exe, procid_target 83): repeated rows
  - PID 4300 wrote to memory of 2868 (pid 4300, msedge.exe, procid_target 84): 2 rows
  - PID 4300 wrote to memory of 3080 (pid 4300, msedge.exe, procid_target 85): repeated rows
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4300)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd97f7ef7a31256f36ac563354d95390_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3460)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb50146f8,0x7ffbb5014708,0x7ffbb5014718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1225314781736225786,3927742828304380700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2868)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1225314781736225786,3927742828304380700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3080)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1225314781736225786,3927742828304380700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1225314781736225786,3927742828304380700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1225314781736225786,3927742828304380700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1225314781736225786,3927742828304380700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1225314781736225786,3927742828304380700,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 976)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4156)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 9b008261dda31857d68792b46af6dd6d
  SHA1: e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
  SHA256: 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
  SHA512: 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
- Filesize: 152B
  MD5: 0446fcdd21b016db1f468971fb82a488
  SHA1: 726b91562bb75f80981f381e3c69d7d832c87c9d
  SHA256: 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
  SHA512: 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
- Filesize: 919B
  MD5: 6219e93083b9be98ce6bc50f4cd35718
  SHA1: fcb367e1b0827d86ffa7220bbd544dd41e5084cd
  SHA256: 987bdbbcb451a5a83d4cc60a9c2099e6d9f615c31cd4f0ece978b99c0ddebb8a
  SHA512: 2bf4de851738c0ad37c2e9b278e9b066b971b5a7b1f50d6ce8bef9786c3ee353088578779730d9335377f99990c30b95d91595a7e935687addddf278bf5c9f52
- Filesize: 6KB
  MD5: e5b22d3a49af047a73af67e17c2deb1f
  SHA1: 2ab8f22336160896d844ea4da1e00ca93a4c8446
  SHA256: 4750102eb3282a3856f80f300c7de091f1827159a7586427608f3ccf24fe2371
  SHA512: e227cb7cf1f23b61024cea5292fc1f0885ff137b8f9caf1b7323b77575f9b7ca4d34087c543f1ae597f42f0389d8967e6db32100bc5030c24c07bad7c4a7a119
- Filesize: 5KB
  MD5: 0a34e6ac288fdb6d0d2d67c54b53052c
  SHA1: 489b076727d85ec4189d08fd432a44d4d0614d50
  SHA256: a4449277802572002a10252acaaa40bb83b138da7231ff6cd041dcc1f2fc212a
  SHA512: d6ae6022982ae6b1b94283850f42d25c64cf15481cc44a85883d4cc13284b6698c31f63654d71aa11f758fbe22fb82bb0d55b9de70f0aeee4a3d0d84794bae8c
- Filesize: 704B
  MD5: 0363f035c105fcd638d2a425b99a12a6
  SHA1: 277b2eeba655c1ff277a338a690f028b08b92256
  SHA256: 294747c404eb6aadcdb2396734e221ac66a176a807500d1a82b3a0a5453f8f42
  SHA512: 9604c9d9030890dd5866969c056ceb4d4cf7dddee0eed03acfc0c78e49b7cba7dc280ded0172ff36f6dbdc7cdecf6d83399eaa9b7d04e39d54282b0e6bc7672e
- Filesize: 537B
  MD5: beae354262c5b0e1996debbfad83b1bd
  SHA1: 6006fb70484d51bbc2723ea069043d93f19c96e1
  SHA256: 2a1b1b3445bb266a076f99f2c386d886ec1bd6b31c4686c7d5dda9f6e1ba46b4
  SHA512: 0107c35cd0ba620bce177dc0f829ac8d68d6f60990d3bbcf2cfa605f03cf69c15e3d30bd1eb45c3f8899f1e3018c9b40883b63a905657abcc8a6a13eac43a5bc
- Filesize: 10KB
  MD5: f0b4eca3727fa36af620f9485d6cebee
  SHA1: 50aeec6f0d93f27aab3d81ad6b7acdcf4e8edd67
  SHA256: ca52ff0b4700088690cfaafb28796a9cf6a4e3304ceb8856512355bea82849de
  SHA512: 106affe1d6b9949fb0f65cbbd8170537216e65b9a1038321e2fa2c2357cb797194717f78d2bb49db3fd6cdfc21b3c82f3bf3fb624a69aad442c367186190cef3