Analysis
- max time kernel: 145s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/06/2024, 15:31
Static task: static1
Behavioral task: behavioral1
- Sample: a129f6d70b31830a1cc3a8e3b8ebe7b4_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a129f6d70b31830a1cc3a8e3b8ebe7b4_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: a129f6d70b31830a1cc3a8e3b8ebe7b4_JaffaCakes118.html
- Size: 480KB
- MD5: a129f6d70b31830a1cc3a8e3b8ebe7b4
- SHA1: 771565ac035fcef94dde0fc4d40ad0bb3f6081dc
- SHA256: 37ec4c426b916e9ce0ba8642e9fdb4ea90708d48608126b9dac2de778e5472cd
- SHA512: 3398a91a9014a53906d0ba818aac3d69c4ed336d29dc8e7b6fe11b93d329ff7341756307be1ceb2969598dce3e083e3056087adcef8f7e2d8b217f8e85be7e50
- SSDEEP: 3072:0yeNv2QICS5FsB57Zel9mFkfNDFZwlzMk9GvKTP5mQlDQBNhM6HOeIkL4B972:0yex6sKgk5klzMkMvKTJE
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              occurrences
  428   msedge.exe           2
  2216  msedge.exe           2
  4420  identity_helper.exe  2
  4436  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process     occurrences
  2216  msedge.exe  7
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     occurrences
  2216  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     occurrences
  2216  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  occurrences
  PID 2216 wrote to memory of 3112  2216  msedge.exe  82             2
  PID 2216 wrote to memory of 1240  2216  msedge.exe  83             40
  PID 2216 wrote to memory of 428   2216  msedge.exe  84             2
  PID 2216 wrote to memory of 4940  2216  msedge.exe  85             20
Processes
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a129f6d70b31830a1cc3a8e3b8ebe7b4_JaffaCakes118.html
  PID: 2216
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
    PID: 3112
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    PID: 1240
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
    PID: 428
    Signatures: Suspicious behavior: EnumeratesProcesses
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
    PID: 4940
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 5040
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID: 2572
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    PID: 4120
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    PID: 2556
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    PID: 4420
    Signatures: Suspicious behavior: EnumeratesProcesses
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
    PID: 4596
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
    PID: 4388
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
    PID: 2672
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
    PID: 3884
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
    PID: 4436
    Signatures: Suspicious behavior: EnumeratesProcesses
- Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3640
- Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2240
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
- Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
- Filesize: 6KB
  MD5: c7138ae9f55afc5d3b1cdd8dc13b0d5c
  SHA1: 431e247b2f0d3c1584eef2413cdd982885623137
  SHA256: 7be57d9876d8a61dec212bc9b15a90017e78bad751f59b501628704c529c731f
  SHA512: 647a70ce213b2acaafa0f81bfe00c6d29a52cafa2e76120aae2f2271352bd9fa8256d06d1711f7a9873f88cc37f6a5427e3993f5e5e0780f7f2cd0c539a53576
- Filesize: 5KB
  MD5: 034a4fb84d192b8b539abef6d1ad7483
  SHA1: 26f92e7801c5a9b2ebb03758ce4712b85f174c53
  SHA256: ce1a3923cc35d2f7288b2b552ba33a023a4d97c1b3d7d9ac50205b61d559c140
  SHA512: 72326a45c658eff02d836248b8805e28533dc624028322e9661e49202b18a2d68cac8590e23839b85cd30ecbd20a5942f641558807a3f3d03a10af2ace5cbc6d
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 8KB
  MD5: 39eaa0f81e82856822b8b8456dca11b6
  SHA1: 5aac8b044de3a3bbbf7be3bdf7b6f49a2e935e8a
  SHA256: 2e7e6c5b8912047d3c01925053e12d8fbfb5cbb8b38c822bfbc777dd0a87b27a
  SHA512: ca0a5247acd2c4ca8cdc1749bd2fed7129f0c30574d2f3abd015ae3f6d4e719293a3940accc2aa174337e176c6e6ec2167d933c8ae1c8b5fbf736dccf6c86c7e