Analysis
Max time kernel: 149s
Max time network: 145s
Platform: windows10-2004_x64
Resource: win10v2004-20240611-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 12/06/2024, 22:06
Static task: static1
Behavioral task: behavioral1
  Sample: a29e3924d5678922d73022da25fc3449_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a29e3924d5678922d73022da25fc3449_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a29e3924d5678922d73022da25fc3449_JaffaCakes118.html
Size: 139KB
MD5: a29e3924d5678922d73022da25fc3449
SHA1: 3927065eadf363981b8998166557a95dd3006d65
SHA256: 5dc1e0e09623fc6578280b847850ae9aac1164e7399d49d847121a376905f669
SHA512: 91a716a9fab8b125d1584e7fad5603bac0a26db55634d7c97316a8b8a23ee141bf0a1245dbd70b571638c60ada52872c28458037780daf47cea36de72e86d4c2
SSDEEP: 1536:SeDttYD7TYvl75CKCyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:SeDVzAyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
Every IoC below is attributed to msedge.exe: either the browser process that opened the .html sample (PID 888) or one of the child processes it spawned. No other image appears in any signature.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   process     hits
  4380  msedge.exe  2
  888   msedge.exe  2
  3768  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process     hits
  888   msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     hits
  888   msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     hits
  888   msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries share one source, PID 888 (msedge.exe, the browser process). Collapsed to unique targets:
  source pid  target pid  source process  procid_target
  888         2440        msedge.exe      81
  888         3168        msedge.exe      82
  888         4380        msedge.exe      83
  888         212         msedge.exe      84
  Each target is a child of PID 888 in the process tree below (crashpad handler, GPU process, network service and storage service respectively). Writes from a multi-process browser into the children it has just launched are what this signature picks up here; a write into a process outside that tree, or into a different image, would be the case worth escalating.
Processes
Depth markers [1] and [2] are the report's tree levels: every [2] entry is a child of PID 888. The crashpad annotations give the browser build under test as Microsoft Edge 92.0.902.67 (Chromium 92.0.4515.131).

[1] PID 888  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a29e3924d5678922d73022da25fc3449_JaffaCakes118.html
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  [2] PID 2440  msedge.exe (crashpad handler)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4be046f8,0x7ffb4be04708,0x7ffb4be04718

  [2] PID 3168  msedge.exe (GPU process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16562283201263946634,18006413616435194959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2

  [2] PID 4380  msedge.exe (utility: network.mojom.NetworkService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16562283201263946634,18006413616435194959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses

  [2] PID 212  msedge.exe (utility: storage.mojom.StorageService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16562283201263946634,18006413616435194959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8

  [2] PID 2004  msedge.exe (renderer)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16562283201263946634,18006413616435194959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  [2] PID 4408  msedge.exe (renderer)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16562283201263946634,18006413616435194959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

  [2] PID 3768  msedge.exe (second GPU process, started with --disable-gpu-sandbox --use-gl=disabled)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16562283201263946634,18006413616435194959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses

[1] PID 3484  C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding

[1] PID 3208  C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
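As an added example (not part of this report or of the sandbox's own tooling), the script below does by hand what a reviewer does with the WriteProcessMemory signature above: it collapses the flattened IoC text into unique parent-to-child edges and checks every target against the process tree, so that a write into a different image or into a PID the tree never lists stands out from the browser's own startup writes. The PIDs and image names are the ones shown on this page; the regex, the bucket names and the SYNTHETIC_TEXT line (PID 9999, which does not occur in the report) are this example's own.

```python
"""Collapse a sandbox report's WriteProcessMemory IoCs into parent->child edges
and classify each target against the reported process tree.

Added example; PIDs/images are copied from the report, the logic is not the
sandbox's."""
import re
from collections import Counter

# Process tree from the report's Processes section: pid -> image name.
PROCESSES = {
    888: "msedge.exe",    # browser process; opened the .html sample
    2440: "msedge.exe",   # --type=crashpad-handler
    3168: "msedge.exe",   # --type=gpu-process
    4380: "msedge.exe",   # --type=utility, network.mojom.NetworkService
    212: "msedge.exe",    # --type=utility, storage.mojom.StorageService
    2004: "msedge.exe",   # --type=renderer
    4408: "msedge.exe",   # --type=renderer
    3768: "msedge.exe",   # --type=gpu-process, --disable-gpu-sandbox
    3484: "CompPkgSrv.exe",
    3208: "CompPkgSrv.exe",
}

# Excerpt of the report's flattened IoC text (the page prints all 64 entries
# on one line; this keeps the first entries for each distinct target).
IOC_TEXT = (
    "PID 888 wrote to memory of 2440 888 msedge.exe 81 "
    "PID 888 wrote to memory of 2440 888 msedge.exe 81 "
    "PID 888 wrote to memory of 3168 888 msedge.exe 82 "
    "PID 888 wrote to memory of 3168 888 msedge.exe 82 "
    "PID 888 wrote to memory of 4380 888 msedge.exe 83 "
    "PID 888 wrote to memory of 212 888 msedge.exe 84 "
)

# Constructed line, NOT from the report: a write into a PID that the process
# tree never lists, to show what an injection candidate looks like in output.
SYNTHETIC_TEXT = "PID 888 wrote to memory of 9999 888 msedge.exe 99 "

# Field order as the report prints it:
# "PID <src> wrote to memory of <dst> <src> <src image> <procid_target>"
IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<src_again>\d+) (?P<src_image>\S+) (?P<target_id>\d+)"
)


def parse_writes(text):
    """Return a Counter of (src_pid, dst_pid) edges; repeats become counts."""
    edges = Counter()
    for m in IOC_RE.finditer(text):
        edges[(int(m["src"]), int(m["dst"]))] += 1
    return edges


def classify_writes(edges, processes):
    """Bucket each edge by what its target is.

    same_image:     parent writes into a child running the same binary
                    (a multi-process browser's launcher setting up children)
    cross_image:    target runs a different binary -> review as injection
    unknown_target: target PID is absent from the process tree -> review
    """
    result = {"same_image": [], "cross_image": [], "unknown_target": []}
    for (src, dst), _count in sorted(edges.items()):
        if dst not in processes:
            result["unknown_target"].append((src, dst))
        elif processes.get(src) != processes[dst]:
            result["cross_image"].append((src, dst))
        else:
            result["same_image"].append((src, dst))
    return result


def summarize(text, processes=PROCESSES):
    """Human-readable summary: entry count, unique edges, one line per edge."""
    edges = parse_writes(text)
    buckets = classify_writes(edges, processes)
    lines = [f"{sum(edges.values())} IoC entries -> {len(edges)} unique edges"]
    for name, items in buckets.items():
        for src, dst in items:
            lines.append(
                f"  {name:14s} {src} ({processes.get(src, '?')}) -> "
                f"{dst} ({processes.get(dst, '?')}) x{edges[(src, dst)]}"
            )
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(IOC_TEXT))                   # only same_image edges
    print(summarize(IOC_TEXT + SYNTHETIC_TEXT))  # adds an unknown_target line
```

Run against the report's own entries, every edge lands in same_image; the constructed PID 9999 line is the only thing that reaches a review bucket. Pasting the full 64-entry line from the page into IOC_TEXT gives the same four unique edges with higher counts.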
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
  Filesize: 152B
  MD5:    dabfafd78687947a9de64dd5b776d25f
  SHA1:   16084c74980dbad713f9d332091985808b436dea
  SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
  SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

File 2
  Filesize: 152B
  MD5:    c39b3aa574c0c938c80eb263bb450311
  SHA1:   f4d11275b63f4f906be7a55ec6ca050c62c18c88
  SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
  SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

File 3
  Filesize: 6KB
  MD5:    1bd822e1422e47ad764b35285ed053f4
  SHA1:   5cb6917b9f7d99e8579d499041f0b431a6db064b
  SHA256: 83afb3b1e10feb6079070e63b20711b72d2f667e72014458cd86c73d244bee3e
  SHA512: 1f8deb9d8ac57d5a50ab84b4e68225fa43bd5deb12e3c2b925cfbed942540de1009e37f5df2f2a450cb531d35eac3cd07e60ee8f79492b3c27b2539f4b211200

File 4
  Filesize: 6KB
  MD5:    76587be5e75bf1e53ae47087432b7e5c
  SHA1:   0eee346075765dfe1c5b8eea684e83efde7f9a69
  SHA256: 6b8fe4b605bb96a81a67bac1baa957fa39e3ba6e6ac4f7ec1e5cc029d1609105
  SHA512: 0d247b31aa531612af75dae77bfc1f22a419c5b9d4d00f7ba0cf5b2434b4dfbbde2d33f2052ed3dd3bb9ed99bf6a45edaf9236c17c2bfd4d8b39f556a55bd142

File 5
  Filesize: 11KB
  MD5:    54f5407a50cffb1c00e527ae50bef516
  SHA1:   f15b7cd781cfee870f1065ab1a1e0d131f05b1b6
  SHA256: 5c4c2852244bccf0eab1d5dd3810a628b6755757ef940a99f27781a2e6581246
  SHA512: c6367e4205a8bcf78c114980c416e208427589dfcd1355024891ae421f3297afae6ce4137e0d85c46d44d4957cf3f6d128688646c7286df1e0accb23d04858a7