Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
27/05/2024, 18:30
Static task
static1
Behavioral task
behavioral1
Sample
7a17f2859830a64f6c135a695d65823b_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
7a17f2859830a64f6c135a695d65823b_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
7a17f2859830a64f6c135a695d65823b_JaffaCakes118.html
-
Size
139KB
-
MD5
7a17f2859830a64f6c135a695d65823b
-
SHA1
994a357d974549a554818be9f14d45c9f7d59d77
-
SHA256
1db6e98ca146ce1b609762a9c04c02a90ca37d2f9c4651c711757557feac8009
-
SHA512
6dc1404a73399d66e64bc1963fec252076761fa8fdc4d494af4fb7613a887faede4e61245fbaa5f78906dc18bbf2fa25c2ab052ec415694b047ab3951921327e
-
SSDEEP
1536:SJXmRrxl+QuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:SJWiQuyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid   Process     entries
1556  msedge.exe  2
5052  msedge.exe  2
3876  msedge.exe  4
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid   Process     entries
5052  msedge.exe  2
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid   Process     entries
5052  msedge.exe  25
-
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process     entries
5052  msedge.exe  24
-
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   Process     procid_target
PID 5052 wrote to memory of 2988  5052  msedge.exe  81
PID 5052 wrote to memory of 4816  5052  msedge.exe  83
PID 5052 wrote to memory of 1556  5052  msedge.exe  84
PID 5052 wrote to memory of 1144  5052  msedge.exe  85
(64 entries in total; the report repeats each row many times, repeats collapsed here)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:5052, depth 1)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a17f2859830a64f6c135a695d65823b_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:2988, depth 2)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc840f46f8,0x7ffc840f4708,0x7ffc840f4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:4816, depth 2)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,1768834784499927742,10434168957512985452,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:1556, depth 2)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,1768834784499927742,10434168957512985452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:1144, depth 2)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,1768834784499927742,10434168957512985452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:1264, depth 2)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1768834784499927742,10434168957512985452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:3144, depth 2)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1768834784499927742,10434168957512985452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:3876, depth 2)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,1768834784499927742,10434168957512985452,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID:3252, depth 1)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID:3100, depth 1)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
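Every signature in this report fires on msedge.exe itself, and every WriteProcessMemory target is a child the browser process launched with a Chromium --type= role (crashpad-handler, gpu-process, utility). Writes from the browser process into children it has just started are part of Chromium's sandbox broker setup, so the question for triage is whether any target PID falls outside that set. The script below is an added example, not part of the tria.ge report or of Microsoft Edge: it collapses the flattened WriteProcessMemory rows, maps each target PID to its role from the process tree's command line, and lists any target that is not in the tree. The IoC text and command lines are constructed copies of rows from this report, trimmed to the flags the script reads; the PID-to-command-line mapping is taken from the tree depth shown above.

```python
"""Added triage helper (not part of the tria.ge report): collapse the flattened
WriteProcessMemory IoC rows and attribute each target PID to the Chromium
process type it was launched as, read from --type= in the process tree."""
import re
from collections import Counter

# Constructed input: a subset of the report's WriteProcessMemory rows, in the
# flattened "PID <src> wrote to memory of <dst> <src> <image> <procid>" form.
WPM_IOCS = (
    "PID 5052 wrote to memory of 2988 5052 msedge.exe 81 "
    "PID 5052 wrote to memory of 2988 5052 msedge.exe 81 "
    "PID 5052 wrote to memory of 4816 5052 msedge.exe 83 "
    "PID 5052 wrote to memory of 1556 5052 msedge.exe 84 "
    "PID 5052 wrote to memory of 1144 5052 msedge.exe 85 "
    "PID 5052 wrote to memory of 1144 5052 msedge.exe 85"
)

EDGE = '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"'

# Constructed input: command lines from the report's process tree, keyed by
# PID and trimmed to the flags this script inspects.
PROCESS_TREE = {
    5052: EDGE + " --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\"
                 "7a17f2859830a64f6c135a695d65823b_JaffaCakes118.html",
    2988: EDGE + " --type=crashpad-handler --annotation=ver=92.0.902.67",
    4816: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2236 /prefetch:2",
    1556: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService"
                 " --service-sandbox-type=none /prefetch:3",
    1144: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService"
                 " --service-sandbox-type=utility /prefetch:8",
    1264: EDGE + " --type=renderer --renderer-client-id=6 /prefetch:1",
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def collapse_writes(ioc_text):
    """Count identical (src_pid, dst_pid, image, procid_target) rows."""
    return Counter(
        (int(src), int(dst), image, int(procid))
        for src, dst, image, procid in WPM_RE.findall(ioc_text)
    )


def process_type(cmdline):
    """Chromium process role from --type=; the browser process carries no --type."""
    m = re.search(r"--type=(\S+)", cmdline)
    if not m:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{m.group(1)}:{sub.group(1)}" if sub else m.group(1)


def sandbox_type(cmdline):
    """Value of --service-sandbox-type=, or None when the flag is absent."""
    m = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    return m.group(1) if m else None


def explain_writes(ioc_text, tree):
    """One row per (src, dst) pair with the target's role and sandbox flag."""
    rows = []
    for (src, dst, image, procid), n in sorted(collapse_writes(ioc_text).items()):
        cmd = tree.get(dst)
        rows.append({
            "src": src, "dst": dst, "image": image, "procid_target": procid,
            "count": n,
            "dst_type": process_type(cmd) if cmd else "not in process tree",
            "dst_sandbox": sandbox_type(cmd) if cmd else None,
        })
    return rows


def unexplained_targets(ioc_text, tree):
    """Target PIDs that are not children listed in the process tree."""
    return {dst for (_, dst, _, _) in collapse_writes(ioc_text) if dst not in tree}


if __name__ == "__main__":
    for r in explain_writes(WPM_IOCS, PROCESS_TREE):
        print(f"{r['src']} -> {r['dst']:<5} x{r['count']:<3} "
              f"{r['dst_type']:<40} sandbox={r['dst_sandbox']}")
    print("targets outside the tree:",
          unexplained_targets(WPM_IOCS, PROCESS_TREE) or "none")
```

Run against the full IoC text of a report, the only rows worth a second look are those whose target is "not in process tree" or whose target role is a renderer with a procid the tree does not account for. The network service row also surfaces --service-sandbox-type=none, which is visible in the command line above and is worth recording when comparing browser builds.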
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize  152B
MD5       2daa93382bba07cbc40af372d30ec576
SHA1      c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256    1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512    65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
Filesize  152B
MD5       ecdc2754d7d2ae862272153aa9b9ca6e
SHA1      c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256    a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512    cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
Filesize  6KB
MD5       8464e79e1ef4ec3b26ff24d59c69f2af
SHA1      7efd8c20bee2da26f3696da81de3dc3254bf70b4
SHA256    5e371c38e530f4ef727a6547f9b53b6b33972e2e46b0430f0eb5e23bcb126d91
SHA512    9409c6f48a61e7d2379c3a2c5b8ac16fb71282f1fc3cd068ffe126861f4af7ee9e0e9a6932bd09ccc8f83198a288e7e6755619f634dc54a3926f15c3e66e8573
-
Filesize  5KB
MD5       cff8e2d011a2af94b61a256a506b7974
SHA1      415ff95e0db132b8d06b03157d2d1a78d4fa3d66
SHA256    1b294d57748198c12705c46a51bbcaf677bd76b054fa4db58b99c6639cf5ed69
SHA512    a4468b9c2a52a7fc1780174a62d8827a18cdb549e04ba09587814c53ae003b75019b0f31074497fe68cb2908ff29c02e2beb6ff2e97266667445ec2cd7e15bfd
-
Filesize  10KB
MD5       3743821ff9476fc722b3c47ed729fc2f
SHA1      34c05119dc830dab9bfcb29a91f5924547a05f83
SHA256    035dcdff21d1df0337b3653ba1937c4d64ea786cf27d46341b15418e677f6018
SHA512    0f85cd7219a014142bb1300c731fba0e525d572c2eec09eec846a724762792782593323bfe88be87cd8752c7b98ad92004755295d7241f67ddad5aa0aea037fa