Analysis
- max time kernel: 145s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/05/2024, 16:37
Static task: static1
Behavioral task: behavioral1
- Sample: 2ae41e5b6b57226a886f0a26dd1dfdf9_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 2ae41e5b6b57226a886f0a26dd1dfdf9_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 2ae41e5b6b57226a886f0a26dd1dfdf9_JaffaCakes118.html
- Size: 86KB
- MD5: 2ae41e5b6b57226a886f0a26dd1dfdf9
- SHA1: 7fd9baaa70030bf6cd16c63488a4107855ede9d7
- SHA256: 74f0d2deb12768a5326e132a89d3db063ff850e483b81ba2305241e89ce7d357
- SHA512: 4c244b5be83a3c819c6d6bae91928c27240f27a3d32a29d67bb85991d08021d84c13433dabad138424f9b603afbec4febd50977d7c1078cc233ca423cc7f0631
- SSDEEP: 1536:KSqRnFtMTdGX+N4zQRFQNXMnqGCkeFeLXW/Qgi:EM52+CzxJGFeyXW/Qgi
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              events
  2984  msedge.exe           2
  1056  msedge.exe           2
  3944  identity_helper.exe  2
  1664  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     events
  1056  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     events
  1056  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     events
  1056  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs; the distinct parent/target pairs below, each repeated for every recorded write)
  description                         pid   Process     procid_target
  PID 1056 wrote to memory of 3756    1056  msedge.exe  82
  PID 1056 wrote to memory of 5008    1056  msedge.exe  85
  PID 1056 wrote to memory of 2984    1056  msedge.exe  86
  PID 1056 wrote to memory of 3168    1056  msedge.exe  87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ae41e5b6b57226a886f0a26dd1dfdf9_JaffaCakes118.html
  PID: 1056
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a3d546f8,0x7ff8a3d54708,0x7ff8a3d54718
    PID: 3756
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    PID: 5008
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    PID: 2984
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
    PID: 3168
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 2560
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 5080
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
    PID: 5116
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
    PID: 3944
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
    PID: 2548
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
    PID: 1824
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
    PID: 856
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
    PID: 2496
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2225513644951213696,2899648892215793937,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
    PID: 1664
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2356
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4024
Network
MITRE ATT&CK Enterprise v15
Downloads