Analysis
max time kernel: 145s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 23:06
Static task: static1
Behavioral task: behavioral1
  Sample: a2d8db437d6efac2376ba98436b50f25_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a2d8db437d6efac2376ba98436b50f25_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a2d8db437d6efac2376ba98436b50f25_JaffaCakes118.html
Size: 99KB
MD5: a2d8db437d6efac2376ba98436b50f25
SHA1: 14f05c433a44ab48531eecb810b963f3e83d179d
SHA256: 86940990edc33cfcdce74a821f2c0eab5f9c0f33ffead6db92b7a8134632b77b
SHA512: b5ec9f42ef54f2dbcfbe784942da571454690457e58074d294b1c31eecd5be4f084d8c29920524248d7492dbe5c7a33db46ea5eb5b34b8916d83ff4867e1774a
SSDEEP: 1536:gCqHv7oaPLdFXYUa+eFFHfrYxr5Wr4KJuWekOmRYCpOYLQu1:gCqHTlMK7luRYCpOYLQu1
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  1600 | msedge.exe
  1600 | msedge.exe
  4476 | msedge.exe
  4476 | msedge.exe
  4804 | msedge.exe
  4804 | msedge.exe
  4804 | msedge.exe
  4804 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid | Process
  4476 | msedge.exe
  4476 | msedge.exe
  4476 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4476 | msedge.exe  (all 25 entries are identical)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4476 | msedge.exe  (all 24 entries are identical)
Suspicious use of WriteProcessMemory (64 IoCs; the report repeats each row many times, repeated rows are collapsed here)
  description | pid | Process | procid_target
  PID 4476 wrote to memory of 752 | 4476 | msedge.exe | 82
  PID 4476 wrote to memory of 5092 | 4476 | msedge.exe | 83
  PID 4476 wrote to memory of 1600 | 4476 | msedge.exe | 84
  PID 4476 wrote to memory of 3232 | 4476 | msedge.exe | 85
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d8db437d6efac2376ba98436b50f25_JaffaCakes118.html
  PID: 4476
  signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0ef46f8,0x7ffed0ef4708,0x7ffed0ef4718
      PID: 752
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
      PID: 5092
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
      PID: 1600
      signatures:
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
      PID: 3232
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      PID: 2320
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      PID: 4024
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
      PID: 1800
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9435122108082700806,864075218535537715,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 /prefetch:2
      PID: 4804
      signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3428
C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1196
Network
MITRE ATT&CK Enterprise v15
Downloads