Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/06/2024, 22:56
Static task
- static1
Behavioral task
- behavioral1
  Sample: a2cece7715174097d941ea8009ad0cf3_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task
- behavioral2 (the run reported on this page; same resource as the Analysis block above)
  Sample: a2cece7715174097d941ea8009ad0cf3_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
- Target: a2cece7715174097d941ea8009ad0cf3_JaffaCakes118.html
- Size: 158KB
- MD5: a2cece7715174097d941ea8009ad0cf3
- SHA1: 0f8599ef9646d4776395a699735d2ce6b1534f0d
- SHA256: 9526f6c132297cb983ea2d201d6df008b95fd8381553695e2916b55ddbde3453
- SHA512: c41f15869bfef9b3b52ba8006ef4d6b6bd122393facd5d30775e532bc10f125976d8dcd64727ae4073f0086634904608d0fac9e037a674d5e5e40766fd739293
- SSDEEP: 3072:STl7LwSA8UyfkMY+BES09JXAnyrZalI+YQ:STl7c8ZsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description        IoC                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  All three records come from msedge.exe; the BIOS manufacturer and product name are read, not written.
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  PID   Process     Records
  1704  msedge.exe  2
  2716  msedge.exe  2
  1900  msedge.exe  4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID 2716 msedge.exe, 2 records
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 2716 msedge.exe, 25 records
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 2716 msedge.exe, 24 records
- Suspicious use of WriteProcessMemory (64 IoCs)
  Description                  Source PID  Source process  Target PID  procid_target
  PID 2716 wrote to memory of  2716        msedge.exe      4076        82   (2 records)
  PID 2716 wrote to memory of  2716        msedge.exe      560         83
  PID 2716 wrote to memory of  2716        msedge.exe      1704        84   (2 records)
  PID 2716 wrote to memory of  2716        msedge.exe      1780        85
  The remaining records are repeats of the 560 and 1780 entries. All 64 writes originate from the browser parent (PID 2716), and every target appears in the Processes section below as one of its own msedge.exe children (4076 crashpad-handler, 560 gpu-process, 1704 network service, 1780 storage service). No write into a process outside the browser's own tree is recorded.
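The WriteProcessMemory signature fires on any cross-process write, so the first triage question is whether the writes stay inside the browser's own process tree (a parent bootstrapping children it just spawned from the same binary) or reach a process the source did not create. The Python below is an added example, not part of the sandbox report or the vendor's tooling: it parses records in the report's flattened "PID <src> wrote to memory of <dst> <src> <image> <procid_target>" form against a process table transcribed from the Processes section, and labels each write. The process table and the first five records are copied from this page; the sixth record (2716 writing into 3276, CompPkgSrv.exe) is constructed and does not appear in the report, included only to show how a write into an unrelated process is labelled.

```python
import re
from collections import Counter

# Process table transcribed from the report's "Processes" section:
# pid -> (image name, parent pid or None for a tree root).
PROCESSES = {
    2716: ("msedge.exe", None),      # browser process, root
    4076: ("msedge.exe", 2716),      # --type=crashpad-handler
    560:  ("msedge.exe", 2716),      # --type=gpu-process
    1704: ("msedge.exe", 2716),      # --type=utility (NetworkService)
    1780: ("msedge.exe", 2716),      # --type=utility (StorageService)
    4092: ("msedge.exe", 2716),      # --type=renderer
    4276: ("msedge.exe", 2716),      # --type=renderer
    1900: ("msedge.exe", 2716),      # --type=gpu-process
    3276: ("CompPkgSrv.exe", None),  # separate root
    3828: ("CompPkgSrv.exe", None),  # separate root
}

# Five records copied from the report, plus one CONSTRUCTED record
# (2716 -> 3276) that is NOT in the report, to exercise the other branch.
IOC_TEXT = """
PID 2716 wrote to memory of 4076 2716 msedge.exe 82
PID 2716 wrote to memory of 4076 2716 msedge.exe 82
PID 2716 wrote to memory of 560 2716 msedge.exe 83
PID 2716 wrote to memory of 1704 2716 msedge.exe 84
PID 2716 wrote to memory of 1780 2716 msedge.exe 85
PID 2716 wrote to memory of 3276 2716 msedge.exe 99
"""

# Records may be separated by newlines or run together on one line, as on
# the report page; the pattern is unanchored so both forms parse.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def parse_wpm(text):
    """Return [(src_pid, dst_pid, src_image)] for every record in the text."""
    return [(int(s), int(d), img) for s, d, img, _ in WPM_RE.findall(text)]


def classify_write(src, dst, procs):
    """Label one write using the parent/child relation and image names."""
    if dst not in procs:
        return "unknown-target"
    dst_img, dst_parent = procs[dst]
    src_img = procs.get(src, ("?", None))[0]
    if dst_parent == src and dst_img == src_img:
        return "child-same-image"   # parent bootstrapping a child of its own binary
    if dst_parent == src:
        return "child-other-image"  # parent writing into a child it spawned from another binary
    return "cross-process"          # write into a process the source did not spawn


def summarize(text, procs=PROCESSES):
    """Count writes per (src, dst, label) so repeated records collapse."""
    counts = Counter()
    for src, dst, _ in parse_wpm(text):
        counts[(src, dst, classify_write(src, dst, procs))] += 1
    return dict(counts)


def verdict(text, procs=PROCESSES):
    """Heuristic: only same-image parent->child writes is the ordinary
    multi-process browser startup pattern; anything else needs an analyst."""
    labels = {label for (_, _, label) in summarize(text, procs)}
    return "benign-pattern" if labels <= {"child-same-image"} else "needs-review"


if __name__ == "__main__":
    for (src, dst, label), n in sorted(summarize(IOC_TEXT).items()):
        print(f"{src} -> {dst}: {label} x{n}")
    print("verdict:", verdict(IOC_TEXT))
```

Run against only the records on this page (drop the constructed 3276 line) the verdict is "benign-pattern"; with the constructed record it becomes "needs-review". The heuristic deliberately keys on the parent/child relation plus image name, because a parent writing into a child it spawned from a different binary (process hollowing) is exactly the case a flat count of WriteProcessMemory calls cannot separate from a browser starting its renderers.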
Processes
- msedge.exe (PID 2716), browser process, tree root
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2cece7715174097d941ea8009ad0cf3_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - msedge.exe (PID 4076), --type=crashpad-handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccea246f8,0x7ffccea24708,0x7ffccea24718
  - msedge.exe (PID 560), --type=gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - msedge.exe (PID 1704), --type=utility, --utility-sub-type=network.mojom.NetworkService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1780), --type=utility, --utility-sub-type=storage.mojom.StorageService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  - msedge.exe (PID 4092), --type=renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - msedge.exe (PID 4276), --type=renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - msedge.exe (PID 1900), --type=gpu-process (launched with --use-gl=disabled --disable-gpu-sandbox)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3276), tree root
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 3828), tree root
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
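Several of the child command lines above carry flags that bear on Chromium's sandboxing: the network-service utility process runs with --service-sandbox-type=none, the GPU process with PID 1900 carries --disable-gpu-sandbox and --use-gl=disabled, and both renderers carry --no-v8-untrusted-code-mitigations. The Python below is an added example, not from the report or from Microsoft or Chromium: it tokenizes a Chromium-style command line (handling quoted arguments such as "--user-data-dir=C:\...\User Data" that contain spaces), extracts the --flag=value pairs, and lists the sandbox-relevant ones per process type. The command lines are the ones captured above, verbatim except that the long --gpu-preferences value is omitted from the two gpu-process lines. The --no-sandbox check is included because it is a real Chromium flag an analyst would want to catch; no process on this page carries it.

```python
import re

# Child command lines from the report's process tree. Only edit: the long
# --gpu-preferences=<base64> value is dropped from the two gpu-process lines.
CMDLINES = {
    4076: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccea246f8,0x7ffccea24708,0x7ffccea24718',
    560:  r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --mojo-platform-channel-handle=2080 /prefetch:2',
    1704: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3',
    1780: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8',
    4092: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1',
    1900: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3387520224691280214,16989333769962669011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=1844 /prefetch:2',
}

# A token is either a double-quoted run (quotes stripped) or a run of
# non-whitespace. Chromium quotes whole "--flag=value with spaces" arguments.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def parse_cmdline(cmdline):
    """Split a command line into ({flag: value-or-True}, [positional tokens]).
    Repeated flags (e.g. --annotation) keep the last value; that is enough here."""
    flags, positional = {}, []
    for quoted, bare in TOKEN_RE.findall(cmdline):
        tok = quoted if quoted else bare
        if tok.startswith("--"):
            key, _, val = tok[2:].partition("=")
            flags[key] = val if val else True
        else:
            positional.append(tok)
    return flags, positional


# (process type or None for any type, predicate on flags, finding text)
SANDBOX_CHECKS = [
    (None, lambda f: f.get("no-sandbox") is True,
     "launched with --no-sandbox (all process sandboxing off)"),
    ("utility", lambda f: f.get("service-sandbox-type") == "none",
     "utility process runs with --service-sandbox-type=none (no service sandbox)"),
    ("gpu-process", lambda f: f.get("disable-gpu-sandbox") is True,
     "GPU process launched with --disable-gpu-sandbox"),
    ("renderer", lambda f: f.get("no-v8-untrusted-code-mitigations") is True,
     "renderer launched with --no-v8-untrusted-code-mitigations (V8 Spectre mitigations off)"),
]


def audit(cmdline):
    """Return process type, utility sub-type and the sandbox findings for one line."""
    flags, _ = parse_cmdline(cmdline)
    ptype = flags.get("type", "browser")  # no --type means the browser process itself
    findings = [msg for t, pred, msg in SANDBOX_CHECKS
                if (t is None or t == ptype) and pred(flags)]
    return {"type": ptype, "subtype": flags.get("utility-sub-type", ""), "findings": findings}


def audit_tree(cmdlines):
    """Audit every child; returns {pid: audit result}."""
    return {pid: audit(c) for pid, c in cmdlines.items()}


if __name__ == "__main__":
    for pid, r in sorted(audit_tree(CMDLINES).items()):
        label = r["type"] + (f" ({r['subtype']})" if r["subtype"] else "")
        print(f"PID {pid:>5} {label}: {r['findings'] or 'no sandbox findings'}")
```

On an Edge build of this vintage (92.0.902.67, Chromium 92) these three findings are ordinary rather than signs of tampering: Chromium builds of that era commonly ran the network service without a service sandbox on Windows, --no-v8-untrusted-code-mitigations is what Chromium passes to renderers when site isolation is on, and a gpu-process relaunch with --use-gl=disabled is the browser's fallback when GPU acceleration is unavailable, as in a VM. The value of the audit is having the flags on record per process, so an unexpected --no-sandbox or a renderer missing its usual flags would stand out in the same report.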
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: c5abc082d9d9307e797b7e89a2f755f4
  SHA1: 54c442690a8727f1d3453b6452198d3ec4ec13df
  SHA256: a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
  SHA512: ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c
- Filesize: 152B
  MD5: b4a74bc775caf3de7fc9cde3c30ce482
  SHA1: c6ed3161390e5493f71182a6cb98d51c9063775d
  SHA256: dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
  SHA512: 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
- Filesize: 6KB
  MD5: 659ccdc4928d4f330f617fb04d950baf
  SHA1: b79b3ed0bb9f3a40a089fda5bf054eb02cdb70af
  SHA256: 56d10163bd55a62659e9704ab2adb08be4ccd8a781033e6d4d44bf99d77ece09
  SHA512: 7f3d6fd393295afa4ca194eb5295e3d520f3ad83d3e79353a46622da5905f1486645c5832f42299cc07e07b11dc9fffc5a1ebf33869154c6a9ddedf7d19c42d4
- Filesize: 6KB
  MD5: 53ee825b5a9627f5b7d5667341983d52
  SHA1: f0e2e1b248791db71ca3343c50424177fc20bfc1
  SHA256: ce007ea2d0f458022d76ad51dc7304fa5356c499e30120d8675ed1218ff81e12
  SHA512: ebca4ac7f37abcfc5ab386da93b24367603b747a457350db4ce3a6859a5ae066ac304d838f8f27d6f23b2fd0eb0aca0351397471ad3f6f467360095b41d5666f
- Filesize: 11KB
  MD5: fce188247a0812460cfb380dc523ee3e
  SHA1: a438776632b8a285972d46a6c2ba4c91dbdfd13e
  SHA256: dc901b4a6df4e1e07fc7fb10f0c7dac95fd666a242f99fb29a9a96a730199416
  SHA512: 1b5b29c619f38b01413658d1a1c63f47074710cd2df160cd9257c4246fd0a4e1040ca9d66c595f9734c957c8c1d217fbc1cf18767ffda4f4cdc94fac5a96d5e8