Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 23:02
Static task: static1
Behavioral task: behavioral1
  Sample: a2d5b6556db5fd0cb27b1a17ab7bfaae_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: a2d5b6556db5fd0cb27b1a17ab7bfaae_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a2d5b6556db5fd0cb27b1a17ab7bfaae_JaffaCakes118.html
Size: 111KB
MD5: a2d5b6556db5fd0cb27b1a17ab7bfaae
SHA1: 1a74a99fbdc069fcd2a4987b92edf77591bf9cfe
SHA256: 409bdef6ceebf7265837be6a53a77dd9c0252cbee11637368920ebe044b787f9
SHA512: c0526aecf6df8122fb2c4f3c9f99301ca94723081c40e190288c5f3751993ff3c3b4a4da4c437b06d6e68722435d18c63332410970e419a912f1aa85851ad2b5
SSDEEP: 768:STmWZs5jfzEB23WjYlqwqulO/Wq/P0zrRoH6WmY:STmWq9fzEB23WAqwquFq/czrRoaWmY
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4064 | msedge.exe (2 entries)
  4308 | msedge.exe (2 entries)
  680 | identity_helper.exe (2 entries)
  4644 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  4308 | msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4308 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4308 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs, 64 entries in total)
  description | pid | Process | procid_target
  PID 4308 wrote to memory of 5092 | 4308 | msedge.exe | 80 (2 entries)
  PID 4308 wrote to memory of 448 | 4308 | msedge.exe | 81 (repeated)
  PID 4308 wrote to memory of 4064 | 4308 | msedge.exe | 82 (2 entries)
  PID 4308 wrote to memory of 1932 | 4308 | msedge.exe | 83 (repeated)
Processes
Process tree (indentation shows tree depth)
- msedge.exe, PID 4308
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d5b6556db5fd0cb27b1a17ab7bfaae_JaffaCakes118.html
  Signatures:
    Enumerates system info in registry
    Suspicious behavior: EnumeratesProcesses
    Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage
    Suspicious use of WriteProcessMemory
  - msedge.exe, PID 5092
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffe197b46f8,0x7ffe197b4708,0x7ffe197b4718
  - msedge.exe, PID 448
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  - msedge.exe, PID 4064
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    Signatures:
      Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 1932
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - msedge.exe, PID 1560
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - msedge.exe, PID 4704
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  - msedge.exe, PID 1436
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  - identity_helper.exe, PID 1608
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  - identity_helper.exe, PID 680
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
    Signatures:
      Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 836
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  - msedge.exe, PID 3196
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  - msedge.exe, PID 2528
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  - msedge.exe, PID 212
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  - msedge.exe, PID 4644
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4198068135345839953,6017599455524224419,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
    Signatures:
      Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe, PID 3496
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe, PID 4480
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 477462b6ad8eaaf8d38f5e3a4daf17b0
  SHA1: 86174e670c44767c08a39cc2a53c09c318326201
  SHA256: e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
  SHA512: a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e
- Filesize: 152B
  MD5: b704c9ca0493bd4548ac9c69dc4a4f27
  SHA1: a3e5e54e630dabe55ca18a798d9f5681e0620ba7
  SHA256: 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
  SHA512: 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e4b324d-a45e-4092-9f63-baeca8efa218.tmp
  Filesize: 6KB
  MD5: f07596c71d3ae388a46d9be7fd5a7e7a
  SHA1: f9b237c41b74a05eb0875db86e81e1aa29094570
  SHA256: cd1c9896f6db713bda9ec89ae7d4e31a4c941cfb3006d27eac35418546ae449d
  SHA512: 05a4275d85d065ee6ee33def6fa882ec3c33c68ad97b37ed6843cf562e110015fe71c62e59c031359296555522dcb90e3b3898c7aa3fb00e8dd81c73d66c301e
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: 2c07b8ac97488f575ce35bb8a9a01021
  SHA1: 1c7cf01a5df1b4a719f371fd924241870cbbd802
  SHA256: bde2b3ae3807a609c88e19d2a35a65e15ac985c4d63669c9db2491af27776dfe
  SHA512: 3a5a2829778cd2fed0363ee469546e2c949c314204da82436df9de4d00efc342d1f954f8243d4066e25b69172973223736d9963ccd36ea6b021ebc3e26b6fd21
- Filesize: 324B
  MD5: ff17505b02d988cd94ac6b26bf718018
  SHA1: 69f3ba890950867b858fb4c1bface08058ddc38d
  SHA256: d0718af13cae3e6a7b66a86da4da75938d0d6b84bf5f9039f812d588ab9a02d4
  SHA512: c6570711fc94751163c9a7b8f9932d51b7e472e86707ad8a651f76814408b01e00a0f4710d680f9b168c510bfb527dc3106a254e0747f3254afadbfc73737984
- Filesize: 6KB
  MD5: 7575cc5f32d92e5eebe58062e2a45aff
  SHA1: f369d4561b8cadfcea275e3be7603b35f4b91cd4
  SHA256: 941d0eea98dd9d02f1d33ad14658d4484b0d102ac735057d3dec542104a2686f
  SHA512: 01b46f29bce14c080d1b43211aebcd0f10b6780dde84b8f21d6468ad6738f282c1374e0265ca3caef79e21c44553f295d19e7c35859edb1ef2009eef6aed51bb
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 153cd033e019495d09e5f3b24f29ca20
  SHA1: 54ae481c8a21fa5eeec2ef2d3d1c442af4025ece
  SHA256: aa46a25dc65b9a0d56ae322b7cf9ca03ba37cc3006bef275e93c3949d61c4eeb
  SHA512: 62d8c9c8948c955ef0a823c71dad49734c596bdfcbbc27ccc096e4b9935537ac9d1aff5507f9e013927ff030f91edfda55260c5c03e6efca5d05b8afef554058