Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
12/06/2024, 15:09
Static task
static1
Behavioral task
behavioral1
Sample
a11a4bccb793b14637a3aee2613bb91a_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a11a4bccb793b14637a3aee2613bb91a_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a11a4bccb793b14637a3aee2613bb91a_JaffaCakes118.html
-
Size
52KB
-
MD5
a11a4bccb793b14637a3aee2613bb91a
-
SHA1
9d0349016cfc752b86899584068df9325fec27f6
-
SHA256
ce52a0fe59419653f2e550fafb931b1ce1cfe37dd3ca6f4eccf154482a3df754
-
SHA512
57698f865623c9eb77817ff4b6de5c17b418d1c5927119d2f78b6cb03b66b33069e58e75dafe521115f698726bb41eb3941f21ba9ae6d9d7edef7513068e2690
-
SSDEEP
1536:8Qoa76N+fJwCOunLQbWG0FEICa+UL2NTng4/0Ri7oOUaOTle:8QlOCOunL8+5yNTnxv7UaOTle
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4932 msedge.exe 4932 msedge.exe 3424 msedge.exe 3424 msedge.exe 2508 identity_helper.exe 2508 identity_helper.exe 4320 msedge.exe 4320 msedge.exe 4320 msedge.exe 4320 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe 3424 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3424 wrote to memory of 3588 3424 msedge.exe 81 PID 3424 wrote to memory of 3588 3424 msedge.exe 81 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 388 3424 msedge.exe 82 PID 3424 wrote to memory of 4932 3424 msedge.exe 83 PID 3424 wrote to memory of 4932 3424 msedge.exe 83 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84 PID 3424 wrote to memory of 3936 3424 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11a4bccb793b14637a3aee2613bb91a_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeefbe46f8,0x7ffeefbe4708,0x7ffeefbe47182⤵PID:3588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵PID:388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:82⤵PID:3936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:1288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵PID:1276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:12⤵PID:1052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:82⤵PID:1692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵PID:5028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:12⤵PID:1100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:12⤵PID:4664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:12⤵PID:4136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12554496099036197855,16476295903924522006,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4320
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2036
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2956
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD581e892ca5c5683efdf9135fe0f2adb15
SHA139159b30226d98a465ece1da28dc87088b20ecad
SHA256830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
-
Filesize
152B
MD556067634f68231081c4bd5bdbfcc202f
SHA15582776da6ffc75bb0973840fc3d15598bc09eb1
SHA2568c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
-
Filesize
972B
MD5c76aac74a26bc587f7c1a38780a63176
SHA1aa4f3a5b8156cda281efaa943b82a45860494ad7
SHA25643d1137e9e6462e24eb99da8f16dec9e06524386ff524e32dee2c3a78f75a859
SHA5120d8c0c0324a02c571b42ad61268275b4b55661cac3f7060b9485028e279477247383b464cc6618ae8f5db4f4549cb9003920c87528abc4b94bc3adac8548b917
-
Filesize
941B
MD53f6bdf8996c6f41cb65c7a2bcc8da593
SHA16f11c3ccd9626663b93ddb310b77c7c85f4b01e1
SHA256ce5c39daae4139786cdf13919253317fd51b7dc7456d9fac4407c121b85af499
SHA5125318bdd813d34711d6c6a5e06d2d5cb146765d90d124690f3cd3574b04c36ade3e28a58409ebfb75ba9e660ad9c2e471969413dd4211847362f23252e5e94087
-
Filesize
6KB
MD56030dd1972d27a5128312f1316b5008e
SHA1de3eaa6c7de6f6c2a6848dec6922c7cb379cdb3e
SHA256dcc04e67d4e18917a923d90ab72afc6fbc44570d6ce2f2cedc7d2b132ea5cf31
SHA51205e0f9b6ec7573bac233db593c5f4127629824d78157931a89c818835873d9edc7900cde3f65b10664db6e3df78dc69f1c9ccba54fc67c6116e0f0fbd2d30f42
-
Filesize
6KB
MD5e02eee10c80efbff36e1e4ffb8e1ad18
SHA1dfaef8168b1a9894336153716875d234f0c99c1d
SHA256020af86d5bc8657f872f440d85f65cfacc3d303e2c6871ae53bf48bda7dc8b54
SHA51207880d926ea9952f1c1356e336e908c05302f8c5c4d4b422a3368d9eb5678932a34ea14cc60e72141a094250b41696db6b6e516602cd0d71ff4e63a66e126ba3
-
Filesize
6KB
MD54b0f122370c2e985b36df2c5a990d8fc
SHA1e3ae34eadc0701d84d43ea1f017535f283d23a75
SHA256d990fb298a7bf6d0778e27759541fecfaa09978440f54a7c69025e1ef19b6f42
SHA512d99db481a7bac90d4d6cfdeac0a07751bfecf2ede3c1572e43c3537720684c468acc50f9cfcdcce583cbbbb50f7953ab41f58c10e29f1c07ac7e8f7e793e1167
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5433100345151199d288270b1c0a9a2bb
SHA18503c4417b0347d0a08749292e1677b82f978bd6
SHA25624cf277ddea78b4630bcd333a63cb9b9f5df5ffa43a50cdd597271cb40c06fd2
SHA512186ed43cef6c0d6ebaab9226fdb65f742150ab2b1a414934fbc8c4c6d8e4c46145df9eb92af95eb214cb64498dceafc8d43ffe4f93aec89469c0265d917cc6c6