Analysis
max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
12/06/2024, 23:42
Static task
static1
Behavioral task
behavioral1
Sample
a2face381eee4c35bb11a2e1b5c06fc4_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a2face381eee4c35bb11a2e1b5c06fc4_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a2face381eee4c35bb11a2e1b5c06fc4_JaffaCakes118.html
-
Size
2KB
-
MD5
a2face381eee4c35bb11a2e1b5c06fc4
-
SHA1
ffcd963cd6c79ce9d8a942fa9ea2aeae3fc17943
-
SHA256
bdc6fda48fea12fc4bb5e42adde384d840880729b943316c7a96d09e6005f90b
-
SHA512
644c8d12579207f79af6d65f15a840a33aca25d01da09b53c2ca85b1d5f648e7dc815f08399843e0d717c1fec9a5256bdcec0721d5c992f1c1edb34141e0d4bf
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
4920 | msedge.exe (2 entries)
4640 | msedge.exe (2 entries)
3336 | identity_helper.exe (2 entries)
1856 | msedge.exe (4 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
pid | Process
4640 | msedge.exe (13 entries)
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
4640 | msedge.exe (25 entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4640 | msedge.exe (24 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4640 wrote to memory of 4804 | 4640 | msedge.exe | 81 (2 entries)
PID 4640 wrote to memory of 4768 | 4640 | msedge.exe | 82 (40 entries)
PID 4640 wrote to memory of 4920 | 4640 | msedge.exe | 83 (2 entries)
PID 4640 wrote to memory of 2348 | 4640 | msedge.exe | 84 (20 entries)
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2face381eee4c35bb11a2e1b5c06fc4_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4640
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf8c646f8,0x7ffbf8c64708,0x7ffbf8c64718
  PID:4804
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  PID:4768
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  PID:2348
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  PID:2172
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  PID:1012
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  PID:3392
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  PID:4076
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 /prefetch:8
  PID:4728
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  PID:3692
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  PID:4808
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  PID:4336
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
  PID:3812
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  PID:2492
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  PID:2020
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  PID:3136
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  PID:4520
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5916 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:1856
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18322362825883864073,11899029687025755597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  PID:2380
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:2804
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4512
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize
152B
MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
Filesize
5KB
MD5 be923e5aead0a9565fac51a57cb160a5
SHA1 338dabad615c82b8dd4cb4842220abaf3b087a7b
SHA256 09acdf36c7331f73a42bbcc23c7906383608571025ea6d081ca26b0f7f533b3d
SHA512 8f24060f9a74963dbf843f4c52736135ebe47d87c177079252482bdf14b33a9e21f3a89616739ba3ae360a5d6c9641cf7ce48d53591802b9645d9becc88a07bb
-
Filesize
6KB
MD5 10591fcef58730dd22a1e2a9d3f105b0
SHA1 7c5702c01f58cb003f1b546abadc8b505ef6f507
SHA256 4ab0f746723eee10d445943639fce0888d1ebef64281bcf1173f6e29072d6791
SHA512 c176eaa3dcb2159feda18ff83c73ff94ac5d4e6ac89abe1d2b65c70480af19bf7e3e32b2e4adff94355355e43247ac9f58ce163fb42269796ba5f7ee70a0df47
-
Filesize
16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD5 b341a5541982f2d52557e5fb75b75037
SHA1 a0dbc8f105d3b260433ef4ce5889e8265f5f297c
SHA256 a4601ef9cf1a6f07c8e6f86eeaf5fe40d2dcf2d94da0fceb43dad348869867db
SHA512 ec8ea70b83b995fe801b19b810d5be938043ff57b5a900e9ba965d58ea4fa77de9e46a0e1ee97a5e669f0d746e6332a7c0d1c6edb776ec411d58b065fdbdeefa