Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/10/2024, 00:31
Static task: static1
Behavioral task: behavioral1
  Sample: 15797cbb26dff8222eaf3450c87cad38_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 15797cbb26dff8222eaf3450c87cad38_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: 15797cbb26dff8222eaf3450c87cad38_JaffaCakes118.html
Size: 156KB
MD5: 15797cbb26dff8222eaf3450c87cad38
SHA1: 0ba1837d3f892cc3eaf0bfdd76f73e2667766a42
SHA256: 95e783fc142b9dbd9de0c7780eadfbc4643e5bb086625813cdc72d3d0701f85f
SHA512: 4960976a67b15cc622156addfaee922c9ea0f2a3074bf8f57a892b1aa033b9767dfbf4ee06d1fa156b15404de006a8f73e8a3dc9c07bfb30b0f8246854ed9a07
SSDEEP: 1536:iuRTFrUoEQy72yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:ik/ny72yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 208 msedge.exe (x2), PID 1928 msedge.exe (x2), PID 3332 msedge.exe (x4), PID 3852 identity_helper.exe (x2)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID 1928 msedge.exe (x6)

Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 1928 msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 1928 msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs; four distinct writer/target pairs, each repeated)
  PID 1928 msedge.exe wrote to memory of PID 4424 (procid_target 82)
  PID 1928 msedge.exe wrote to memory of PID 3992 (procid_target 83)
  PID 1928 msedge.exe wrote to memory of PID 208 (procid_target 84)
  PID 1928 msedge.exe wrote to memory of PID 3448 (procid_target 85)

Note: every hit in these tables is attributed to the Edge browser process (PID 1928) or to processes it spawned. The WriteProcessMemory targets 4424, 3992, 208 and 3448 are the crashpad-handler, gpu-process, NetworkService utility and StorageService utility children listed under Processes, so the writes are consistent with the browser process launching its own children; none of them targets a process outside the Edge tree.
Processes

PID 1928, depth 1: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\15797cbb26dff8222eaf3450c87cad38_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 4424, depth 2 (crashpad-handler): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81fe546f8,0x7ff81fe54708,0x7ff81fe54718

  PID 3992, depth 2 (gpu-process): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

  PID 208, depth 2 (utility, network.mojom.NetworkService, no service sandbox): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 3448, depth 2 (utility, storage.mojom.StorageService): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

  PID 4980, depth 2 (renderer, client id 6): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  PID 2608, depth 2 (renderer, client id 5): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  PID 3332, depth 2 (gpu-process, GPU sandbox disabled, GL disabled): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  PID 4440, depth 2 (utility, winrt_app_id.mojom.WinrtAppIdService, no service sandbox): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 /prefetch:8

  PID 3852, depth 2 (utility, winrt_app_id.mojom.WinrtAppIdService, no service sandbox): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 3000, depth 2 (renderer, client id 9): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

  PID 3676, depth 2 (renderer, instant process, client id 10): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

  PID 2012, depth 2 (renderer, client id 11): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

  PID 5112, depth 2 (renderer, instant process, client id 12): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7682539958033175234,14478162232856980564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

PID 4728, depth 1: C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3172, depth 1: C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
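The WriteProcessMemory table and the process tree above only tell a useful story when read together: the question is whether each write target is one of the browser's own freshly launched children or some unrelated process. The following Python script is an added triage helper, not part of this report or of Edge. It parses the flattened IoC text into writer/target pairs, labels each pair against a process list, and separately lists the children that opt out of a sandbox on their command line. The Edge entries are taken from this report with their command lines shortened to the flags that matter; the PID 9999 / explorer.exe write and process entry are constructed (they do not appear in the report) so the cross-process case has something to trip on.

```python
import re
from collections import Counter

# Added triage helper for the WriteProcessMemory and Processes tables above.
# The Edge lines are reproduced from this report (command lines shortened to
# the flags that matter). The "9999 / explorer.exe" entries are CONSTRUCTED
# and do not appear in the report; they exist only to show how a write into
# a process outside the browser's own tree would be flagged.

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# One line per distinct writer/target pair from the report, plus the constructed one.
WPM_TEXT = (
    "PID 1928 wrote to memory of 4424 1928 msedge.exe 82 "
    "PID 1928 wrote to memory of 3992 1928 msedge.exe 83 "
    "PID 1928 wrote to memory of 208 1928 msedge.exe 84 "
    "PID 1928 wrote to memory of 3448 1928 msedge.exe 85 "
    "PID 1928 wrote to memory of 9999 1928 msedge.exe 99"   # constructed
)

# (pid, image path, command line)
PROCESSES = [
    (1928, EDGE, f'"{EDGE}" --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.html'),
    (4424, EDGE, f'"{EDGE}" --type=crashpad-handler --annotation=ver=92.0.902.67'),
    (3992, EDGE, f'"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=2176 /prefetch:2'),
    (208,  EDGE, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService '
                 '--service-sandbox-type=none /prefetch:3'),
    (3448, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService '
                 '--service-sandbox-type=utility /prefetch:8'),
    (3332, EDGE, f'"{EDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    (9999, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),  # constructed
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_wpm(text):
    """Collapse the flattened IoC table into Counter[(writer_pid, target_pid, writer_image)]."""
    return Counter((int(src), int(dst), image) for src, dst, image, _ in WPM_RE.findall(text))


def chromium_role(cmdline):
    """Chromium child type from --type=...; the browser (broker) process has no --type."""
    m = re.search(r"--type=(\S+)", cmdline)
    return m.group(1) if m else "browser"


def utility_sub_type(cmdline):
    m = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return m.group(1) if m else None


def classify_writes(wpm, procs):
    """Label each writer/target pair.

    child-startup: target is a --type=... child running the same image as the
                   writer (what the broker does when it launches a child).
    cross-process: anything else (foreign image, unknown PID, or a write into
                   another broker), which is the case worth a human look.
    """
    by_pid = {pid: (image, cmd) for pid, image, cmd in procs}
    verdicts = {}
    for (src, dst, _), count in wpm.items():
        src_image = by_pid.get(src, ("?", ""))[0]
        dst_image, dst_cmd = by_pid.get(dst, ("?", ""))
        role = chromium_role(dst_cmd)
        if dst_image == src_image and role != "browser":
            verdicts[(src, dst)] = ("child-startup", role, count)
        else:
            verdicts[(src, dst)] = ("cross-process", dst_image, count)
    return verdicts


def unsandboxed_children(procs):
    """Children whose command line explicitly opts out of a sandbox.

    Only explicit flags are checked; --service-sandbox-type=none on the
    NetworkService and --disable-gpu-sandbox on the fallback GPU process are
    both visible in this report's process tree.
    """
    flags = ("--service-sandbox-type=none", "--disable-gpu-sandbox", "--no-sandbox")
    return [
        (pid, chromium_role(cmd), utility_sub_type(cmd))
        for pid, _, cmd in procs
        if chromium_role(cmd) != "browser" and any(f in cmd for f in flags)
    ]


if __name__ == "__main__":
    verdicts = classify_writes(parse_wpm(WPM_TEXT), PROCESSES)
    for (src, dst), (verdict, detail, n) in sorted(verdicts.items()):
        print(f"{src} -> {dst}: {verdict:13s} {detail} (x{n})")
    for pid, role, sub in unsandboxed_children(PROCESSES):
        print(f"unsandboxed child {pid}: {role} {sub or ''}".rstrip())
```

On the report's own data every pair comes back as child-startup (crashpad-handler, gpu-process, utility, utility); only the constructed write into explorer.exe is flagged cross-process. The sandbox check is deliberately limited to explicit flags, so it reports the NetworkService utility (PID 208) and the fallback GPU process (PID 3332) and says nothing about processes whose sandbox status is not expressed on the command line.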
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5: ecf7ca53c80b5245e35839009d12f866
  SHA1: a7af77cf31d410708ebd35a232a80bddfb0615bb
  SHA256: 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
  SHA512: 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Filesize: 152B
  MD5: 4dd2754d1bea40445984d65abee82b21
  SHA1: 4b6a5658bae9a784a370a115fbb4a12e92bd3390
  SHA256: 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
  SHA512: 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Filesize: 5KB
  MD5: c4b92df0ec5ccd0adcb77d7f74fbd572
  SHA1: 2679d77b70d24eb9d348d331ac9523b7698ce99f
  SHA256: 530b419a1f298a4949a174120460433008e6a1e05f20d64bdfbe161e56991079
  SHA512: 2d9c03c91305fb7a1513bd07615dba46a06ea338c9b6d72dc59519d42fea8ff3110e7f51e7d0dd55ad65ae98f9d21b7c646268626a937a374549f83f288a0d2d

Filesize: 6KB
  MD5: d1d2cb0dba8da3c4b80dddd42470d1fa
  SHA1: 3cd434ee5c1d2dafcb191dbe289077f82509ad7c
  SHA256: aed42281ffebbc6be4e78025814fbe6b30ed99b5726ecb005b1276a97c8ccc8a
  SHA512: adf21fcdb9e588aede35c007f931804031b73286f4f555a2c42952edf48db7406ca50aff32ff2dbb3739881ca11626b0147e66e66a4cef82919fdc8c1771bb23

Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
  MD5: cdad326c394256498ea349db74add818
  SHA1: f466b56a50afdb07ceb3659583cdf3856a70ff9b
  SHA256: 2b9ccad070165818dc68bdb06f2f4cbe4ac0bbe10468f5ef499c3f3a8e557f1e
  SHA512: 1a829ae61abc067c58a1fb0240f6fe17c939fa66041b7eecc649d7c45d97d53fa1b62cf94f9357003d6d824ed0c767940040a66f04e6104e80ffd3ed3cc6b2f5