Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system -
submitted
18-10-2024 07:21
Static task
static1
Behavioral task
behavioral1
Sample
5625d02fad29e7da7a2c12cb0634e83f_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5625d02fad29e7da7a2c12cb0634e83f_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
5625d02fad29e7da7a2c12cb0634e83f_JaffaCakes118.html
-
Size
139KB
-
MD5
5625d02fad29e7da7a2c12cb0634e83f
-
SHA1
37767a788a64fedd829afe8db1d781137b84b80b
-
SHA256
1e3f7a820cf1b353117ce97097ef6001f0296f70c59a477c401cf4450193395e
-
SHA512
1f051fe0598fcbf5e1e46585a85d7432e84e400fb8dc26c021e6a64dfd9c1ea03cb6168cf3182e339f2ef91febfbbea1ca2296f94d239ede44db3da0190e2851
-
SSDEEP
1536:SMNLR6BdGfD/TBu+aaIlUZtyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP06:SM8aryfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                               Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
All three reads come from msedge.exe, the browser process that rendered the sample, so they reflect browser start-up rather than anything the HTML itself did. -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid   Process     IoCs
1868  msedge.exe  2
2196  msedge.exe  2
3948  msedge.exe  4 -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid   Process     IoCs
2196  msedge.exe  2 -
Suspicious use of FindShellTrayWindow 25 IoCs
pid   Process     IoCs
2196  msedge.exe  25 (all 25 hits are the same browser process) -
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process     IoCs
2196  msedge.exe  24 (all 24 hits are the same browser process) -
Suspicious use of WriteProcessMemory 64 IoCs
description                        pid   Process     procid_target
PID 2196 wrote to memory of 4268   2196  msedge.exe  84
PID 2196 wrote to memory of 5036   2196  msedge.exe  85
PID 2196 wrote to memory of 1868   2196  msedge.exe  86
PID 2196 wrote to memory of 4412   2196  msedge.exe  87
The 64 raw rows repeat only these four parent-to-child edges (4268 and 1868 appear twice each; 5036 and 4412 account for the remaining 60). Every target is an msedge.exe child of the browser process 2196 (crashpad handler, GPU process, network service, storage service in the process list below), so the writes are Chromium's normal child-process bootstrap, not injection into a foreign process.
Processes
-
PID 2196  (level 1)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5625d02fad29e7da7a2c12cb0634e83f_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
    PID 4268  (level 2, child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff35cf46f8,0x7fff35cf4708,0x7fff35cf4718
-
    PID 5036  (level 2, child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16736792909644248080,17533746726552781216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
-
    PID 1868  (level 2, child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16736792909644248080,17533746726552781216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
-
    PID 4412  (level 2, child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16736792909644248080,17533746726552781216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
-
    PID 1272  (level 2, child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16736792909644248080,17533746726552781216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
-
    PID 2160  (level 2, child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16736792909644248080,17533746726552781216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
-
    PID 3948  (level 2, child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16736792909644248080,17533746726552781216,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
-
PID 2980  (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
PID 3132  (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
Two launch flags in this tree are worth a second look when reading similar reports: the network service (PID 1868) runs with --service-sandbox-type=none and the second GPU process (PID 3948) with --disable-gpu-sandbox, so those two children execute outside the Chromium sandbox. Both flags are passed by the browser process itself, not by the sample.
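The WriteProcessMemory signature above is 64 identical-looking rows that hide the only fact that matters: who wrote into whom, and whether the target is a legitimate Chromium child. The script below is an added example, not part of the Triage report or any Edge code. It collapses the flattened rows into distinct parent-to-child edges with counts, then checks each edge against the process list: a browser process writing into its own freshly spawned `--type=...` child is Chromium's normal child bootstrap, anything else is flagged for review. WPM_RAW is a constructed excerpt of the page's rows (the real table repeats the same four edges 64 times) and PROCESSES is a hand-reduced copy of the Processes section; both are assumptions of the example, as are the function names.

```python
import re
from collections import Counter

# Constructed excerpt of the report's "Suspicious use of WriteProcessMemory"
# rows, exactly as the page flattens them (the real table repeats these
# same four edges 64 times).
WPM_RAW = (
    "description pid Process procid_target "
    "PID 2196 wrote to memory of 4268 2196 msedge.exe 84 "
    "PID 2196 wrote to memory of 4268 2196 msedge.exe 84 "
    "PID 2196 wrote to memory of 5036 2196 msedge.exe 85 "
    "PID 2196 wrote to memory of 5036 2196 msedge.exe 85 "
    "PID 2196 wrote to memory of 5036 2196 msedge.exe 85 "
    "PID 2196 wrote to memory of 1868 2196 msedge.exe 86 "
    "PID 2196 wrote to memory of 1868 2196 msedge.exe 86 "
    "PID 2196 wrote to memory of 4412 2196 msedge.exe 87 "
    "PID 2196 wrote to memory of 4412 2196 msedge.exe 87 "
)

# Hand-reduced copy of the report's Processes section: image name and the
# Chromium --type flag (None for the browser/broker process and non-Chromium
# processes). Assumption of this example, not data the sandbox emits in this form.
PROCESSES = {
    2196: {"image": "msedge.exe", "type": None},               # browser (broker)
    4268: {"image": "msedge.exe", "type": "crashpad-handler"},
    5036: {"image": "msedge.exe", "type": "gpu-process"},
    1868: {"image": "msedge.exe", "type": "utility"},          # network.mojom.NetworkService
    4412: {"image": "msedge.exe", "type": "utility"},          # storage.mojom.StorageService
    2980: {"image": "CompPkgSrv.exe", "type": None},           # COM server, not an Edge child
}

# One flattened row: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(raw: str) -> Counter:
    """Collapse the flattened rows into (parent_pid, child_pid, image, procid_target) -> count."""
    edges = Counter()
    for m in ROW.finditer(raw):
        parent, child, writer_again, image, target = m.groups()
        # The writer pid is repeated in every row; a mismatch means the table was mangled.
        if parent != writer_again:
            raise ValueError(f"inconsistent row: {m.group(0)!r}")
        edges[(int(parent), int(child), image, int(target))] += 1
    return edges


def classify(edges: Counter, procs: dict) -> dict:
    """Label each edge.

    'expected': parent and child share the same image and the child carries a
    Chromium --type flag, i.e. the browser writing start-up data into a child
    it just spawned. 'review': different image, unknown pid, or a child with no
    --type flag, which is what real injection into a foreign process looks like.
    """
    verdicts = {}
    for (parent, child, image, _target), n in edges.items():
        p, c = procs.get(parent), procs.get(child)
        if p and c and p["image"] == c["image"] == image and c["type"]:
            verdicts[(parent, child)] = (
                f"expected: {image} broker -> {c['type']} child ({n} writes)"
            )
        else:
            verdicts[(parent, child)] = f"review: {parent} -> {child} ({n} writes)"
    return verdicts


def review_report(raw: str, procs: dict) -> dict:
    """Raw signature text in, one verdict per distinct parent->child edge out."""
    return classify(parse_wpm(raw), procs)


if __name__ == "__main__":
    for (parent, child), verdict in sorted(review_report(WPM_RAW, PROCESSES).items()):
        print(f"{parent} -> {child}: {verdict}")
```

On this report every edge comes back as expected, which is the point: the count on the signature (64 IoCs) says nothing about risk until the edges are reduced and the targets identified. The same reduction applied to a report where the writer is a non-browser process, or where the target has no `--type` flag, is where the signature starts to earn its name.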
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 10KB
MD5 dd2229e1d9921e8efa4812310a6983df
SHA1 701c0ca50a577888d1c4b505621e861ecc85da52
SHA256 6827bcd27cab109b29a415fb305dee882a18c574d536c54e858b7741acdd1bf4
SHA512 c171aae32043346b40ebb9b03b4efe80db3c53c926aa91fdbda2de7cb6470716f53a0d06b3ab2a9296c6e57199f3b1b60b41af20361d5677de355803ddae0762
-
Filesize 152B
MD5 8749e21d9d0a17dac32d5aa2027f7a75
SHA1 a5d555f8b035c7938a4a864e89218c0402ab7cde
SHA256 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304
SHA512 c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a
-
Filesize 152B
MD5 34d2c4f40f47672ecdf6f66fea242f4a
SHA1 4bcad62542aeb44cae38a907d8b5a8604115ada2
SHA256 b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33
SHA512 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6
-
Filesize 5KB
MD5 951aa58fc7358bd04a016f03f58e4d2e
SHA1 7a2f006f46858e6c8856c32c76b37d635f8f33a5
SHA256 c997b624f8041b19fd14cdc2a645a22c27b12da029482a9653a07a44615cc263
SHA512 ac3b93da1a0687fe99248d078cfe4a07ddfeecc5651bfcb199d1201947956861cb03cdb6abda3dd828745e239debbdd25e88024a4ce9ae1888928abc81d0d7c5
-
Filesize 6KB
MD5 d20f1afdae659b3c8da3f2e2567ca6ba
SHA1 71e1c0674c45a193b0aab091088dea6e846250a2
SHA256 60bdd3c2cb88ed45d9e23821e3590136cec1f4822502734b744a0bad87b0f09a
SHA512 cbc79d14703622dccb985370e470b9fa5153c8963f59fc09ca9dbdd53837e3e725941f5685a32d79603b313e1030af331410d8633b44d73d9004087e6bf4c665