Analysis
max time kernel: 100s
max time network: 101s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 15:32
Static task: static1
Behavioral task: behavioral1
  Sample: a12adb900d18586c33333be6e5ff5210_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a12adb900d18586c33333be6e5ff5210_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a12adb900d18586c33333be6e5ff5210_JaffaCakes118.html
Size: 52KB
MD5: a12adb900d18586c33333be6e5ff5210
SHA1: 803e02f14e91f38354ff2a6514b23d83f077ca2f
SHA256: c600717d11c4923856c7fc3b8fea9bd51d8c007521561b5ce3cfa5eb37b82761
SHA512: d6b4513acfee87e1462c3b44b6f6089fc7a261b0ae52c001e3f991c02b510155dcd1035bde21aa9681441d242854f09edd1f7e5f54e08733cbdea18b7455181a
SSDEEP: 1536:Ab3zZKOe5n0ghNxgefN3MU39DMglNJfXwJ0:6UOe50geefR9Dt+J0
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
316 | msedge.exe
316 | msedge.exe
4836 | msedge.exe
4836 | msedge.exe
3508 | identity_helper.exe
3508 | identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
pid | Process
4836 | msedge.exe (8 identical entries)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
4836 | msedge.exe (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4836 | msedge.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4836 wrote to memory of 4252 | 4836 | msedge.exe | 82 (2 entries)
PID 4836 wrote to memory of 1604 | 4836 | msedge.exe | 84 (40 entries)
PID 4836 wrote to memory of 316 | 4836 | msedge.exe | 85 (2 entries)
PID 4836 wrote to memory of 3460 | 4836 | msedge.exe | 86 (20 entries)
Processes (children indented under their parent)

PID 4836: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a12adb900d18586c33333be6e5ff5210_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 4252: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe33b46f8,0x7fffe33b4708,0x7fffe33b4718

  PID 1604: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

  PID 316: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 3460: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

  PID 4988: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

  PID 4960: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

  PID 3440: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

  PID 3508: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 3888: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

  PID 4716: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

  PID 2840: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

  PID 4528: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

  PID 4540: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

  PID 2724: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1

PID 1488: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3388: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: c5abc082d9d9307e797b7e89a2f755f4
SHA1: 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256: a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512: ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Filesize: 152B
MD5: b4a74bc775caf3de7fc9cde3c30ce482
SHA1: c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256: dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512: 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Filesize: 6KB
MD5: 18a866b8851af460f97e554d5d5ffaf2
SHA1: 9c19369e833810fc36c25b2064f26fe3c42c06e5
SHA256: ded27fe83bca234a247f9708414103370cd15e2f6db7d74dffcc024d638ab914
SHA512: 209765b42efdb07b61a00736eea9a9fa61ff9423a7b3a934d32518c466c2f15cd1fe2c93e22b15c156c1e2500124947182470fc4250994939137e077e30d60ba

Filesize: 6KB
MD5: ab643b32edd681816fbc407584675009
SHA1: 989c26d9eb5f635c31775e422a010ae26f55e0ce
SHA256: 92ed827f7beb367d6e4d6816574f586539ddbd6559d0e511eedddd2e55285782
SHA512: d0c875c6575b7bf7789b85a1a7a65b359c4a7d9675947ceefa10ac22bfdb1c0569d091b3a1727f2454bd2f9187126d2af9e2cb8d8e32283ff318fa616a31bfb5

Filesize: 6KB
MD5: 338f5e6f977da67457d929eb78f17f57
SHA1: 415a8752c453e46f2bf57cc907f242c112b9a452
SHA256: 0070791631a3ac8217a236dee24a951d66c3f443b69549c4cc7ebd3373784fd1
SHA512: f5d6d2d3ee1c864390a9815b844f157bfe2c6fdf18cde5236016a81b6178c9b34586c9873d58adb678950335f7647bbed1111acf9bbe14180721a0add2cd3e06

Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c06a725b-c7ec-4399-ab21-71b726d1d6b4.tmp
Filesize: 465B
MD5: e8cd4d9bbeeb1b52e4a71f59a2f685da
SHA1: 5676b2a6902f2449e59026a2a9364b5833689a5e
SHA256: 51a8c35f5fbe1cc689c9d09179de03d507c4cb9de2e63c817ea24fd73e08b4e8
SHA512: 285d1772a7a9abbe9a667eb229c8f7b16766b72a02bc219287c24ff91a97ad37af274779ebf29e7f475bdaac948beb38656364c1c0b9a3075caa006ce784175c

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
MD5: 69ea4c2a56565f984b9a40f3ed48a1eb
SHA1: 0759b962d021dc1d55ffe49da6e3baca9e404b88
SHA256: 70ffa3445216702906bded78c39ce8f824d6ac44778d3b2a2ff50bece8459360
SHA512: 334fae60a32918582396e4fa79ca58b866e3bfbb0e0ee3c30165ef69c7f10ab297c8949e67bf7c14a3dccb869701c994d34b514e5a9ca85ccbb633cdf1eafd5e

Filesize: 12KB
MD5: db3a05f49e8408fcc0fb4b3db0a9fff9
SHA1: 9c64474c71bda72c831992c5053d809c1147b9ed
SHA256: 26f1cf0ab6c3681519389755d94918a2c5f557e2e795ae07cf79a1f63830c50d
SHA512: 4b306f99d05826a485db1f7660d5a00958f0f5d3cae0a73e47a8c32513de61ae53cfcc6321c0018910d0fb5b3ade874e50c4546181f7f43d26de6a9022cf9092