Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 15:12
Static task: static1
Behavioral task: behavioral1
  Sample: a11c560c18079a36e255a7bf5bf76fed_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a11c560c18079a36e255a7bf5bf76fed_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a11c560c18079a36e255a7bf5bf76fed_JaffaCakes118.html
Size: 57KB
MD5: a11c560c18079a36e255a7bf5bf76fed
SHA1: 1c0805a9570b88dadd91a2b7c9e14c91b763da7e
SHA256: 4d7d5c3f1fe402d16b70b886cbd81597d3a31959d02a82e7a0627374d4d58dff
SHA512: 3cb67074eae0895f7f12498f863c6e6d1ebb5bc1ae0ffe51da47a660ae88ff983fbfd0c91992001bfee62cee9b257fec29d258d0bafc3bbc034fd3fd46cd0fbe
SSDEEP: 768:6LdpHvvCIool1jMQWkJEK7isaIawmx3LWqt/EAKzhgVb:6DHv7oa1jT5JEKWsaIrmx3pEAKI
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid   Process
  4040  msedge.exe
  4040  msedge.exe
  212   msedge.exe
  212   msedge.exe
  2976  identity_helper.exe
  2976  identity_helper.exe
  4288  msedge.exe
  4288  msedge.exe
  4288  msedge.exe
  4288  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11c560c18079a36e255a7bf5bf76fed_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 212
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa42746f8,0x7ffaa4274708,0x7ffaa4274718
    PID: 1828
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
    PID: 64
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 4040
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
    PID: 1976
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
    PID: 2052
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    PID: 3972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    PID: 3212
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
    PID: 4000
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 2976
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
    PID: 4232
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    PID: 4356
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
    PID: 2940
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
    PID: 968
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,485843065213222366,3613128956508062230,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4124 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 4288
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1988
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5016
Network
MITRE ATT&CK Enterprise v15
Downloads