Analysis

max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 22:57
Static task: static1

Behavioral task: behavioral1
  Sample: a2cff35c16544d8e5f6177e6c5966c49_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: a2cff35c16544d8e5f6177e6c5966c49_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: a2cff35c16544d8e5f6177e6c5966c49_JaffaCakes118.html
Size: 30KB
MD5: a2cff35c16544d8e5f6177e6c5966c49
SHA1: 1927e71bbf6010dd68f25c7c593fe711dcb57920
SHA256: d5da1caf07ece8fa8656b5df4d3c2b347fc251455060cd2a17244cdaf74e50a7
SHA512: cb581c62ba38483d0b3f74e912d7f3469cedf4a84e9699a017875a24abdbcdad1b2510103bec86dfca4ef6cbf17e8b8c3befd6cd818d6cc68aeedec3cb47b853
SSDEEP: 768:swA2k0VjIDCeCzCKCKCQCQCgCgCq2j9wNLzKisqAQNl:s/2k0VjID3+jjNNnn6junKisqAQNl
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Note: the BIOS manufacturer/product keys are the same ones malware reads for VM and sandbox detection, but here the only reader is the Edge browser process itself; no process outside the browser tree ran during the analysis.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              count
  1888  msedge.exe           2
  1584  msedge.exe           2
  3232  identity_helper.exe  2
  396   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     count
  1584  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     count
  1584  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     count
  1584  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  writer pid  process     target pid  procid_target  count
  1584        msedge.exe  3704        82             2
  1584        msedge.exe  4264        85             40
  1584        msedge.exe  1888        86             2
  1584        msedge.exe  4640        87             20
  Note: every write originates from the Edge browser (broker) process, PID 1584, and lands in a child it has just created: the crashpad handler (3704), the GPU process (4264), the network service (1888) and the storage service (4640). procid_target is the sandbox's own index for the target process, not a Windows PID. Chromium-based browsers write into their sandboxed children while bootstrapping them, so this signature, like FindShellTrayWindow and SendNotifyMessage, records normal browser start-up rather than injection by the HTML sample. The check a practitioner wants is whether any write targets a process that is not a browser child; none does here.
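The cross-check described above, written out as an added example (this is editor-supplied code, not tooling from the sandbox): it parses the flattened WriteProcessMemory signature row, counts writes per writer/target pair, and flags any target that is not a known Chromium child of the writer. The process tree is transcribed from the Processes section of this report, the IoC excerpt is copied from the signature row, and one extra IoC line targeting CompPkgSrv.exe is constructed (it is not in the report) to show the check firing.

```python
"""Cross-check 'Suspicious use of WriteProcessMemory' IoCs against the process tree.

Added example for this report page; not tooling from the sandbox vendor.
PROCESS_TREE is transcribed from the report's Processes section (parent links
follow the tree indentation); REPORT_EXCERPT is copied from the signature row;
CONSTRUCTED_ANOMALY is invented to exercise the failure path.
"""
import re
from collections import Counter

# pid -> (image, parent pid, Chromium --type= value or None), from the report.
PROCESS_TREE = {
    1584: ("msedge.exe", None, "browser"),           # broker process that opened the HTML
    3704: ("msedge.exe", 1584, "crashpad-handler"),
    4264: ("msedge.exe", 1584, "gpu-process"),
    1888: ("msedge.exe", 1584, "utility"),           # network.mojom.NetworkService
    4640: ("msedge.exe", 1584, "utility"),           # storage.mojom.StorageService
    1724: ("msedge.exe", 1584, "renderer"),
    1864: ("msedge.exe", 1584, "renderer"),
    3724: ("identity_helper.exe", 1584, "utility"),
    3232: ("identity_helper.exe", 1584, "utility"),
    2604: ("msedge.exe", 1584, "renderer"),
    3684: ("msedge.exe", 1584, "renderer"),
    4784: ("msedge.exe", 1584, "renderer"),
    4512: ("msedge.exe", 1584, "renderer"),
    396:  ("msedge.exe", 1584, "gpu-process"),
    2068: ("CompPkgSrv.exe", None, None),            # top-level, not an Edge child
    4592: ("CompPkgSrv.exe", None, None),
}

# Child types a Chromium browser process legitimately writes into while
# bootstrapping them; writes to these from their parent are expected.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# First entries of the report's WriteProcessMemory row, copied verbatim.
REPORT_EXCERPT = (
    "PID 1584 wrote to memory of 3704 1584 msedge.exe 82 "
    "PID 1584 wrote to memory of 3704 1584 msedge.exe 82 "
    "PID 1584 wrote to memory of 4264 1584 msedge.exe 85 "
    "PID 1584 wrote to memory of 4264 1584 msedge.exe 85 "
    "PID 1584 wrote to memory of 1888 1584 msedge.exe 86 "
    "PID 1584 wrote to memory of 4640 1584 msedge.exe 87 "
)

# Constructed line, NOT in the report: a write into CompPkgSrv.exe, which is
# not an Edge child. The procid_target value 90 is invented.
CONSTRUCTED_ANOMALY = "PID 1584 wrote to memory of 2068 1584 msedge.exe 90"

# Row layout: description ("PID <w> wrote to memory of <t>"), pid, Process, procid_target.
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_write_iocs(text):
    """Return (writer_pid, target_pid, writer_image, procid_target) tuples."""
    return [(int(w), int(t), img, int(pt)) for w, t, _w2, img, pt in IOC_RE.findall(text)]


def summarise(iocs):
    """Count writes per (writer_pid, target_pid) pair."""
    return Counter((w, t) for w, t, _img, _pt in iocs)


def flag_anomalies(iocs, tree=PROCESS_TREE):
    """Writes whose target is not a known Chromium child of the writer are suspicious."""
    findings = []
    for (writer, target), count in summarise(iocs).items():
        entry = tree.get(target)
        if entry is None:
            findings.append((writer, target, count, "target PID missing from process tree"))
            continue
        image, parent, ptype = entry
        if parent != writer:
            findings.append((writer, target, count, f"{image} is not a child of PID {writer}"))
        elif ptype not in CHROMIUM_CHILD_TYPES:
            findings.append((writer, target, count, f"unexpected child type {ptype}"))
    return findings


if __name__ == "__main__":
    iocs = parse_write_iocs(REPORT_EXCERPT)
    for (w, t), n in sorted(summarise(iocs).items()):
        print(f"{w} -> {t}: {n} write(s)")
    print("anomalies in report excerpt:", flag_anomalies(iocs))
    print("anomalies with constructed line:",
          flag_anomalies(parse_write_iocs(REPORT_EXCERPT + CONSTRUCTED_ANOMALY)))
```

On the report's own rows the check returns nothing; only the constructed CompPkgSrv.exe line is flagged, because that process sits at the top level of the tree rather than under PID 1584. To apply it to a full report, paste the whole signature row into REPORT_EXCERPT and fill PROCESS_TREE from the Processes section.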
Processes

[PID 1584] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2cff35c16544d8e5f6177e6c5966c49_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:

  [PID 3704] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff810c446f8,0x7ff810c44708,0x7ff810c44718

  [PID 4264] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

  [PID 1888] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  [PID 4640] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

  [PID 1724] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  [PID 1864] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

  [PID 3724] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8

  [PID 3232] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService; second instance with the same command line as PID 3724)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  [PID 2604] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

  [PID 3684] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

  [PID 4784] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

  [PID 4512] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

  [PID 396] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled after the first GPU process, PID 4264)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,1947553081814814490,9881227388519009382,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

[PID 2068] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 4592] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Note: the two CompPkgSrv.exe instances (Windows Component Package Support Server, COM-activated, hence -Embedding) are listed at the top level because they are not children of the Edge browser process; they are the only non-Edge processes in the run and carry no signatures. The trailing digit that the page rendering glued to several command lines (for example "/prefetch:22" and "html1") is the tree-depth marker, not part of the argument; the real values are /prefetch:2 and the bare .html path.
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Filesize: 5KB
  MD5: 3ca30cac61fa819a253ccd9eb1f0fb8d
  SHA1: 494a571916ba1678e89285409b1e037cd69b6161
  SHA256: 56d2c1241b5ccdf751d4c6a28e74699602dee42a3b35e42938abc39f0afebf51
  SHA512: 6701735fac6a126f1288cbe500092bd83f2200ce587229feb62866c9647e9262503fcbb1ccca4de3da5da5224c53ff20be0942bf146480d24ddcde3a5b67f8a5

Filesize: 6KB
  MD5: 5adf0d94ae54983400d361fa2da8197e
  SHA1: 131d16ee2d9edc7bde0476097db489838dc28d63
  SHA256: f677e2365974a1169b3b83d88f31375c45b0716bc86d08571b90393e3defc1f3
  SHA512: 2959f9705f05fca5937c6acea56856a9f370646f0d35ea2959464c92c3e0a6ef56a6b1b49869b727dbca31288c80e3252c39770ca452b0d1d0eb94a45fbebfe5

Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 8KB
  MD5: 43c166168bdbe11058a318caea901901
  SHA1: baca28dd4c0675e0e789b9aafac3122e0d26f0f4
  SHA256: 2655fcf27b2539d419667f46668c6878af130e92dba881e422d3930c05a967c0
  SHA512: 2daf333340f1574ba09af9d3828d5c2993ee91e75db0073af5b7959e1eb0864a832d0caca4ca907970981cc2e8c62ceb888222a10e3e7f1a88fd054b2b93fdfc