Analysis
max time kernel: 145s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240910-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-10-2024 11:27
Static task: static1
Behavioral task: behavioral1
  Sample: 0efe92a918adba7ba262863305a2f3af_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 0efe92a918adba7ba262863305a2f3af_JaffaCakes118.html
  Resource: win10v2004-20240910-en
General
Target: 0efe92a918adba7ba262863305a2f3af_JaffaCakes118.html
Size: 21KB
MD5: 0efe92a918adba7ba262863305a2f3af
SHA1: d17517262293cffc42b0d72cda84c0a1193a7461
SHA256: a9e38aa48d448150089875bfd3a1312c3f5481c96081fc002e657115fd3788d8
SHA512: aaafd743db8eaa8f7970d462deba8c48f28c2a2d5911af9b1f8458c759ca4b03eefdce13e1b8504cc80866130d53b998d16293dfd19fba93a5c6011d9dcf5dc9
SSDEEP: 384:/hP6/TEfRRnuliroXuGGN0tWaL/jIBCDo6YsNiFbvTcrLGHEkjb:/0AfRRnbsXuGGN0tWwjIkM6YsNiFbvTv
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3700 | msedge.exe
  3700 | msedge.exe
  3224 | msedge.exe
  3224 | msedge.exe
  4444 | identity_helper.exe
  4444 | identity_helper.exe
  4520 | msedge.exe
  4520 | msedge.exe
  4520 | msedge.exe
  4520 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3224 | msedge.exe
  3224 | msedge.exe
  3224 | msedge.exe
  3224 | msedge.exe
  3224 | msedge.exe
  3224 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3224 | msedge.exe (25 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3224 | msedge.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs; repeated identical entries collapsed)
  description | pid | Process | procid_target
  PID 3224 wrote to memory of 2476 | 3224 | msedge.exe | 84
  PID 3224 wrote to memory of 1568 | 3224 | msedge.exe | 85
  PID 3224 wrote to memory of 3700 | 3224 | msedge.exe | 86
  PID 3224 wrote to memory of 1648 | 3224 | msedge.exe | 87
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0efe92a918adba7ba262863305a2f3af_JaffaCakes118.html
  PID: 3224
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc88b46f8,0x7ffdc88b4708,0x7ffdc88b4718
    PID: 2476
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    PID: 1568
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    PID: 3700
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    PID: 1648
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 692
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    PID: 1484
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
    PID: 4100
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
    PID: 4444
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    PID: 1312
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
    PID: 4320
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
    PID: 1152
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    PID: 3608
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15950689921989769864,10179072866558711853,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5460 /prefetch:2
    PID: 4520
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2672
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2212
Network
MITRE ATT&CK Enterprise v15
Downloads