Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 15:08

Static task: static1
Behavioral task: behavioral1
  Sample: a119b98bc8433d24344d5e1e01264f28_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a119b98bc8433d24344d5e1e01264f28_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a119b98bc8433d24344d5e1e01264f28_JaffaCakes118.html
Size: 19KB
MD5: a119b98bc8433d24344d5e1e01264f28
SHA1: 0756ca05828b87874ad2af08f0df9bdf9d84e6ba
SHA256: b0126e9e664fd42d7f89184849435a931b1a6b144f3cdc5a02d0f809780e9999
SHA512: 1f6dd17941c7095184e78fa868f5d227d77af07589bf1a1ee99559014b8a354aa363f889ae93b9cf7184f5ee487096766fd7e0b58c60b2c083a8c0d610c4c04c
SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIR41zUnjBhXJ82qDB8:SIMd0I5nO9HNsvXixDB8
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  3600  msedge.exe  (2 entries)
  4740  msedge.exe  (2 entries)
  936   msedge.exe  (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  4740  msedge.exe  (2 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4740  msedge.exe  (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4740  msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 4740 wrote to memory of 944    4740  msedge.exe  82   (2 entries)
  PID 4740 wrote to memory of 2660   4740  msedge.exe  84   (40 entries)
  PID 4740 wrote to memory of 3600   4740  msedge.exe  85   (2 entries)
  PID 4740 wrote to memory of 4128   4740  msedge.exe  86   (20 entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4740)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a119b98bc8433d24344d5e1e01264f28_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 944)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb319846f8,0x7ffb31984708,0x7ffb31984718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2660)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12873737672455630806,2242323447665113052,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3600)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12873737672455630806,2242323447665113052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4128)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12873737672455630806,2242323447665113052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12873737672455630806,2242323447665113052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1240)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12873737672455630806,2242323447665113052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12873737672455630806,2242323447665113052,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4776)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4092)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads