Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-05-2024 15:18
Static task: static1
Behavioral task: behavioral1
  Sample: 46c404562a8f9cc89c17c7457ef85a02_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 46c404562a8f9cc89c17c7457ef85a02_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 46c404562a8f9cc89c17c7457ef85a02_JaffaCakes118.html
Size: 4KB
MD5: 46c404562a8f9cc89c17c7457ef85a02
SHA1: 4677cdc61863a00d8b99e6ab9acca761766a125d
SHA256: eb9f43267481d582eaa958c244322c544f6ae963d44585a814510a9335dc6152
SHA512: 6be5c2586bc3b95d3d3eb93f33a8b226fd220b22a5369b554fe829d6ed3ffbf2b3ce10789bfba97ab91f524da731b777605a0c333e6d97daa5c69e098fc9f7f3
SSDEEP: 96:10cd9hwVPcoGg/j5yntxI8vq/5K/u04Xv6Qpy/:XdbwWo1/j5sxI8vE4/uP/14
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                  Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
544   msedge.exe
3588  msedge.exe
1376  identity_helper.exe
1448  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid   Process
3588  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
pid   Process
3588  msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process
3588  msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   Process     procid_target
PID 3588 wrote to memory of 1672  3588  msedge.exe  82
PID 3588 wrote to memory of 3108  3588  msedge.exe  83
PID 3588 wrote to memory of 544   3588  msedge.exe  84
PID 3588 wrote to memory of 976   3588  msedge.exe  85
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3588)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\46c404562a8f9cc89c17c7457ef85a02_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82ad46f8,0x7ffa82ad4708,0x7ffa82ad4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3108)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 976)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1480)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3468)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14435370481135390961,11413912120735756445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 3932)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3468)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads