Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 23:42

Static task: static1
Behavioral task: behavioral1
  Sample: a2fab934e3c40673cb310010b57418a1_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a2fab934e3c40673cb310010b57418a1_JaffaCakes118.html
  Resource: win10v2004-20240611-en

The signatures, process tree and dropped files below come from behavioral2 (the windows10-2004_x64 run on win10v2004-20240611-en); results of the win7-20240508-en run are not shown on this page.
General
Target: a2fab934e3c40673cb310010b57418a1_JaffaCakes118.html
Size: 184KB
MD5: a2fab934e3c40673cb310010b57418a1
SHA1: 0bf535e902d8ef8ce72077eb98ff1ab5d6bb96b3
SHA256: fa1bd36e4f33b85af1e286510e4d1e4d876eb946f6e4c950dfe49051f64e2ac6
SHA512: 94b9024c1a07d20feb1d271a93db7da852b734c09341cac6a0084054697ee1c456012b1b17aa95c535e9aab2cc80a970cbcfa93ef31fa6702107b1bc84a8eaf0
SSDEEP: 3072:SdU/yCyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:Se/yHsMYod+X3oI+Yn86/U9jFiM
Malware Config
(empty on this page: no configuration was extracted from the sample)

Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                  process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   process     entries
  1624  msedge.exe  2
  2004  msedge.exe  2
  2684  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process     entries
  2004  msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     entries
  2004  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     entries
  2004  msedge.exe  24
Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed, counts are the rows as listed)
  description                        pid   process     procid_target  rows
  PID 2004 wrote to memory of 980    2004  msedge.exe  81              2
  PID 2004 wrote to memory of 3776   2004  msedge.exe  82             40
  PID 2004 wrote to memory of 1624   2004  msedge.exe  83              2
  PID 2004 wrote to memory of 3568   2004  msedge.exe  84             20

Every writer is the Edge broker (PID 2004) and every target is one of its own children from the process tree below. The list stops at exactly 64 rows and ends with PID 3568; the children 2004 launched after that (renderers 4028 and 2968, GPU process 2684) do not appear, so treat the table as truncated at the 64-entry display limit rather than as the complete set of writes.
Processes
(tree depth shown by indentation; image path, command line and PID as recorded)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2004)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fab934e3c40673cb310010b57418a1_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 980)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffa704646f8,0x7ffa70464708,0x7ffa70464718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3776)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,8929455165835964103,10271664402358648209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1624)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,8929455165835964103,10271664402358648209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3568)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,8929455165835964103,10271664402358648209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4028)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8929455165835964103,10271664402358648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2968)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8929455165835964103,10271664402358648209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2684)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,8929455165835964103,10271664402358648209,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 5116)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4752)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
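The tree above is the stock Chromium-style layout: one broker (PID 2004) launching a crashpad handler, GPU, utility and renderer children, every one of them msedge.exe and all sharing the same --field-trial-handle, and the WriteProcessMemory rows are the broker writing into exactly those children (the same parent/child pairs as the tree), not into an unrelated process. The two CompPkgSrv.exe entries are separate roots started via COM activation (-Embedding), not children of Edge. The script below makes that judgement mechanically instead of by eye. It is an added example, not part of the Triage report or of any Triage tooling; the process list and the write pairs are transcribed from the report with command lines trimmed to the switches the check reads, and the set of expected child types and the shared-field-trial-handle rule are this example's own assumptions about how a Chromium-based browser lays out its children.

```python
"""Added triage check: does a browser sandbox run show only the Chromium/Edge
multi-process layout, or did the page spawn something else?  Not part of the
Triage report; sample data transcribed from it, not captured live."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
TRIAL = "--field-trial-handle=2032,8929455165835964103,10271664402358648209,131072"


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]   # None = depth 1 in the report (no parent shown)
    image: str
    cmdline: str


# Transcribed from the report's process tree, trimmed to the switches read below.
PROCS: List[Proc] = [
    Proc(2004, None, "msedge.exe", f"{EDGE} --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\a2fab934e3c40673cb310010b57418a1_JaffaCakes118.html"),
    Proc(980, 2004, "msedge.exe", f"{EDGE} --type=crashpad-handler /prefetch:7"),
    Proc(3776, 2004, "msedge.exe", f"{EDGE} --type=gpu-process {TRIAL} /prefetch:2"),
    Proc(1624, 2004, "msedge.exe", f"{EDGE} --type=utility --utility-sub-type=network.mojom.NetworkService {TRIAL} --service-sandbox-type=none /prefetch:3"),
    Proc(3568, 2004, "msedge.exe", f"{EDGE} --type=utility --utility-sub-type=storage.mojom.StorageService {TRIAL} --service-sandbox-type=utility /prefetch:8"),
    Proc(4028, 2004, "msedge.exe", f"{EDGE} --type=renderer {TRIAL} --renderer-client-id=6 /prefetch:1"),
    Proc(2968, 2004, "msedge.exe", f"{EDGE} --type=renderer {TRIAL} --renderer-client-id=5 /prefetch:1"),
    Proc(2684, 2004, "msedge.exe", f"{EDGE} --type=gpu-process {TRIAL} --disable-gpu-sandbox /prefetch:2"),
    Proc(5116, None, "CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    Proc(4752, None, "CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# (writer, target) pairs collapsed from the report's 64-row WriteProcessMemory table.
WPM_EVENTS: Set[Tuple[int, int]] = {(2004, 980), (2004, 3776), (2004, 1624), (2004, 3568)}

# Assumption: the --type values a Chromium-based browser broker is expected to launch.
EXPECTED_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}


def flag(cmdline: str, name: str) -> Optional[str]:
    """Value of a --name=value switch on the command line, or None if absent."""
    m = re.search(rf"--{re.escape(name)}=(\S+)", cmdline)
    return m.group(1) if m else None


def audit(procs: List[Proc], wpm: Set[Tuple[int, int]]) -> Tuple[List[str], List[str]]:
    """Return (alerts, info).  Empty alerts = nothing beyond the stock Edge layout."""
    alerts: List[str] = []
    info: List[str] = []
    by_pid = {p.pid: p for p in procs}
    brokers = [p for p in procs if p.image.lower() == "msedge.exe" and p.ppid is None]

    for broker in brokers:
        trial_handle = None
        for child in (p for p in procs if p.ppid == broker.pid):
            if child.image.lower() != "msedge.exe":
                alerts.append(f"broker {broker.pid} spawned non-Edge image {child.image} (pid {child.pid})")
                continue
            ctype = flag(child.cmdline, "type")
            if ctype not in EXPECTED_CHILD_TYPES:
                alerts.append(f"pid {child.pid}: unexpected --type={ctype}")
                continue
            if ctype == "crashpad-handler":
                continue  # the crash handler is launched without a field-trial handle
            # Assumption: all sandboxed children of one broker share its field-trial handle.
            handle = flag(child.cmdline, "field-trial-handle")
            if handle is None:
                alerts.append(f"pid {child.pid} ({ctype}): no --field-trial-handle")
            elif trial_handle is None:
                trial_handle = handle
            elif handle != trial_handle:
                alerts.append(f"pid {child.pid} ({ctype}): field-trial handle differs from siblings")
            if flag(child.cmdline, "service-sandbox-type") == "none":
                info.append(f"pid {child.pid}: {flag(child.cmdline, 'utility-sub-type')} runs with --service-sandbox-type=none")
            if "--disable-gpu-sandbox" in child.cmdline:
                info.append(f"pid {child.pid}: gpu-process launched with --disable-gpu-sandbox")

    # Broker writing into a child it just created is routine; any other pair is not.
    for writer, target in sorted(wpm):
        t = by_pid.get(target)
        if t is None or t.ppid != writer:
            alerts.append(f"pid {writer} wrote into pid {target}, which is not its direct child")

    # Roots outside the Edge tree: note them, with the COM activation switch if present.
    for p in procs:
        if p.ppid is None and p.image.lower() != "msedge.exe":
            how = "COM activation (-Embedding)" if "-Embedding" in p.cmdline else "no parent in tree"
            info.append(f"separate root pid {p.pid}: {p.image}, {how}")
    return alerts, info


if __name__ == "__main__":
    found_alerts, found_info = audit(PROCS, WPM_EVENTS)
    print("ALERTS:", found_alerts or "none")
    for line in found_info:
        print("info:", line)
```

Run as-is it produces no alerts for this report and four informational lines (the unsandboxed NetworkService utility, the GPU process relaunched without its sandbox, and the two CompPkgSrv.exe roots). Adding a non-Edge child under PID 2004, or a WriteProcessMemory pair whose target is not the writer's child, is what turns an entry into an alert.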
Network
(no entries extracted on this page)

MITRE ATT&CK Enterprise v15
(no technique list extracted on this page beyond the 2 TTPs tagged on the registry signature above)
Downloads (files written during the run)

1. Filesize: 152B
   MD5: db9081c34e133c32d02f593df88f047a
   SHA1: a0da007c14fd0591091924edc44bee90456700c6
   SHA256: c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
   SHA512: 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

2. Filesize: 152B
   MD5: 3a09f853479af373691d131247040276
   SHA1: 1b6f098e04da87e9cf2d3284943ec2144f36ac04
   SHA256: a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
   SHA512: 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

3. Filesize: 6KB
   MD5: 3c8c77a49eccf026e2b72e18b23141a6
   SHA1: 37009895a69cdba63c86fb8fd08476ef52f7794a
   SHA256: d70fd801a00c93b6a4e5d2af45131c87cd96280563565b56d1722df872d4949e
   SHA512: 707120d6b7f266dd9207fdf3713273f4a11a795a838b589e5180592b37744dc11d818be63bc0bbd5e2ea9429fc7bf42eaedc0249051a6308ac327fa143cecddc

4. Filesize: 6KB
   MD5: 3d110ad436320de4c2e9a6f9695e1e52
   SHA1: 3b32a2c33cdb6b9f8582ce5588321723ebe9746d
   SHA256: 481aab4f00655caf25f900f7eb31d674e5ed5e05b54cbcd664aeff72c8d09f4a
   SHA512: 864c480b750042e992e7e83ccaf29621fd04d4c93c1bf5fe773628e86970a892bb2955647e85463334258469b12f54b8f572e0729922d7fcfb38097007ac7af9

5. Filesize: 11KB
   MD5: 7a13b9dd78943f8e8116d6f2af08c285
   SHA1: 38df64d4ec193869f63f6ebbc22cc91d993a0b9e
   SHA256: 244c704c25f3b63aada149d5104958d75677342410364c242b1f385da6b8a573
   SHA512: 5a90854e2f79498a1b8dde22c7731db0d1d9f19c9b91daeab890565a812f810e46aa6ae7126b668e109e7f76666d76910ba79732c1d81ef284928a13618e6ca3