Analysis
  max time kernel: 148s
  max time network: 151s
  platform: windows10-2004_x64
  resource: win10v2004-20240426-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 16-05-2024 08:00
Static task: static1
Behavioral task: behavioral1
  Sample: 4a1cc19e7fb0d47d9112907676a64616_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 4a1cc19e7fb0d47d9112907676a64616_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
  Target: 4a1cc19e7fb0d47d9112907676a64616_JaffaCakes118.html
  Size: 161KB
  MD5: 4a1cc19e7fb0d47d9112907676a64616
  SHA1: 7bb78b76fbe61cecb97c11558f8cf8851035b22f
  SHA256: 3585d5dc845cddcbdd897f54792e1c2c1a9c072740e216aa76ea5bf0c3133ea4
  SHA512: b6536336b7a36695f2026a0909a3241cbd30b4a6121713832fcf6c5124806767a03cbfdb4f06bd2557887945dc358740bf6d62fb7a83bab17f149d471ecf99c9
  SSDEEP: 3072:SA5kKuaADyfkMY+BES09JXAnyrZalI+YQ:SA5kTmsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                   Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  4780  msedge.exe
  4780  msedge.exe
  3776  msedge.exe
  3776  msedge.exe
  2704  msedge.exe
  2704  msedge.exe
  2704  msedge.exe
  2704  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  3776  msedge.exe
  3776  msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3776  msedge.exe  (all 25 entries are identical)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3776  msedge.exe  (all 24 entries are identical)
- Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed)
  description                       pid   Process     procid_target
  PID 3776 wrote to memory of 532   3776  msedge.exe  82
  PID 3776 wrote to memory of 4736  3776  msedge.exe  83
  PID 3776 wrote to memory of 4780  3776  msedge.exe  84
  PID 3776 wrote to memory of 4020  3776  msedge.exe  85
  Every target PID here (532, 4736, 4780, 4020) is an msedge.exe child that PID 3776 itself launched, per the Processes section below, so the writes are parent-to-child within the browser's own process tree rather than into a foreign process.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3776)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4a1cc19e7fb0d47d9112907676a64616_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 532)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb820c46f8,0x7ffb820c4708,0x7ffb820c4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4736)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8106039914515119957,904579310203755248,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4780)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8106039914515119957,904579310203755248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4020)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8106039914515119957,904579310203755248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5044)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8106039914515119957,904579310203755248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2084)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8106039914515119957,904579310203755248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2704)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8106039914515119957,904579310203755248,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2248)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4872)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads