Analysis
- max time kernel: 144s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/06/2024, 22:59

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: a2d24210d99f1907e2e61e5b330f0bdf_JaffaCakes118.html
  Resource: win7-20240611-en
- Behavioral task: behavioral2
  Sample: a2d24210d99f1907e2e61e5b330f0bdf_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
- Target: a2d24210d99f1907e2e61e5b330f0bdf_JaffaCakes118.html
- Size: 251KB
- MD5: a2d24210d99f1907e2e61e5b330f0bdf
- SHA1: e988f69a7b7e717278888522d576b8000388048d
- SHA256: 5fd9805939bbb6489efa2644d40d18e5f73904efb12a3dd3a73e64591fe87253
- SHA512: 295086bb5971f9c49b8718c19148692ce555ec05de081a9270d3c5070589630fa60536124c15186631c9e0565a9290b6ccb6eab838109409e36210f0195ec72b
- SSDEEP: 6144:L9POhwsNW0/SF9ALaN2biauBJgI+U3xWPPWnL:L9mhwsNWCSLALaN2pucI+UBWg
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                  | Process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  4928 | msedge.exe (2 entries)
  2364 | msedge.exe (2 entries)
  3384 | msedge.exe (4 entries)
  2648 | identity_helper.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid  | Process
  2364 | msedge.exe (7 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  2364 | msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  2364 | msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target
  PID 2364 wrote to memory of 1908 | 2364 | msedge.exe | 81 (2 entries)
  PID 2364 wrote to memory of 1440 | 2364 | msedge.exe | 83 (repeated entries)
  PID 2364 wrote to memory of 4928 | 2364 | msedge.exe | 84 (2 entries)
  PID 2364 wrote to memory of 1348 | 2364 | msedge.exe | 85 (repeated entries)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d24210d99f1907e2e61e5b330f0bdf_JaffaCakes118.html
  PID: 2364
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90e8746f8,0x7ff90e874708,0x7ff90e874718
    PID: 1908
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
    PID: 1440
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    PID: 4928
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    PID: 1348
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 3588
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    PID: 856
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    PID: 1056
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
    PID: 3384
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:8
    PID: 2320
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:8
    PID: 2648
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    PID: 456
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    PID: 1536
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
    PID: 4200
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
    PID: 3700
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2312
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2924
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: db9081c34e133c32d02f593df88f047a
  SHA1: a0da007c14fd0591091924edc44bee90456700c6
  SHA256: c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
  SHA512: 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744
- Filesize: 152B
  MD5: 3a09f853479af373691d131247040276
  SHA1: 1b6f098e04da87e9cf2d3284943ec2144f36ac04
  SHA256: a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
  SHA512: 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: 1c0d91710ffeb77029ce19043a4b204d
  SHA1: 1e8e50ff04f63c49754e2ada5ca205371ebdd236
  SHA256: 46dcbeab3a6e114c3bb07bef88ec7202b9dabb78c34cd29d10377113e78ec40f
  SHA512: eb75191857f68e0ebda5970861bbd94d18a7ef3974e010565e81c03745b17b3c4932a209fa7fc2083f4f6829232b7296b9c51890f957cd14505261eca7127cee
- Filesize: 1KB
  MD5: 16ff8ef949d320d90a2a146d287157d8
  SHA1: 3260bd14b425d6e89442087387ca24e0ec5fe943
  SHA256: cd93660d078fea9d26e3112b8d1bb69eb39525c800d291957aa67633109ef917
  SHA512: 003e51aedc46064eef868f570411b6313b09b28bd9c01b9a7051ed382ba4ccb36d5cc5d5bcf3271ab1d1e2c1d8c1fb3dd109fc6c667d04bd849e61b5c7c59295
- Filesize: 6KB
  MD5: ab5c0a1c4166efb05a6a9a51661b69c5
  SHA1: 60d69d1598dfce7e8b1b3a6e48c8dcbd44051812
  SHA256: 710e9eae945d4628a6dc3fd86186654a459fd4cdf34733183f66c29f95e26a8e
  SHA512: f4e77c7a680b97ceafefd171f8973812f0357dc1101177fce71e382f49c856400fd28ae5f0ae12c120fb2bdcb4d786965959a5bfa52e83de919aa2013cb0bd42
- Filesize: 6KB
  MD5: 5e2e268a72fd38c82b688867ecd5475b
  SHA1: b739ce78536605ef4cccc7fde87704add81b6487
  SHA256: 1e1621a805b3f959292ed96148aad1250e4b7b1784ddf91a75810e2619730ea7
  SHA512: 8c0439269114a52fd7eb35680ccca1dc467b438a598eba57a6470d1c066f3cff40dbb47257d05c99e05d2b34caffaba26b4c3049fde7306860051771d7878b79
- Filesize: 6KB
  MD5: 25746368f843c23bc3e582980474f62b
  SHA1: 3dd6c5b2291120f22af7b14baf9c5bebceb7a0f2
  SHA256: 44a2b43e828c802ecef8a87a24911f355efef3d96d665aa2d182e2439afb7841
  SHA512: 8db330db1e4b8d49bf0f13c83cb8e181889279fb675315480e78d89c4691acd1d878f113d8b7d536c977ba0658c82758b60696a2cb18fcf1347a2bcd78c20190
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: aacc2a7bfaf6909e7a2d95da2268e44b
  SHA1: 60001d0b04286392dfc2c237ca0735c8f456f384
  SHA256: d123a327169c50021de9dc98dae05fa3f73630db60b52be7f04fdf4737ad0ebb
  SHA512: 6daca14c4f8d5b5908764c1984e95ea593115ef1808a0850479ff361e1940d18ac91a6cff383e19a9035a823a119369644e309c33029c611810123efd5547d49