Analysis

max time kernel: 145s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 16:32

Static task: static1

Behavioral task: behavioral1
  Sample: a1579d8489f2b2def0581b5d53b837e7_JaffaCakes118.html
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: a1579d8489f2b2def0581b5d53b837e7_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General

Target: a1579d8489f2b2def0581b5d53b837e7_JaffaCakes118.html
Size: 3KB
MD5: a1579d8489f2b2def0581b5d53b837e7
SHA1: e512f195e233b0f6aa610d575814b33a8218afc2
SHA256: d5aa180cb9b1347680495f1bd64019878314463ac98a2e5139a2d4c2d9d4674a
SHA512: f733683c41e34f98a7b0c9c9747e892d50109039f94cb73956add24e8d875144b3e5a1aa42e268d13345b91809ce0bbc9280824528d61e150af79eca32627c3e
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed, count in parentheses)
  pid   Process
  1468  msedge.exe (2)
  2412  msedge.exe (2)
  4344  identity_helper.exe (2)
  3944  msedge.exe (4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  2412  msedge.exe (6)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2412  msedge.exe (25)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2412  msedge.exe (24)

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, count in parentheses)
  description                        pid   Process     procid_target
  PID 2412 wrote to memory of 1328   2412  msedge.exe  80   (2)
  PID 2412 wrote to memory of 1956   2412  msedge.exe  81   (40)
  PID 2412 wrote to memory of 1468   2412  msedge.exe  82   (2)
  PID 2412 wrote to memory of 1156   2412  msedge.exe  83   (20)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1579d8489f2b2def0581b5d53b837e7_JaffaCakes118.html
  PID: 2412
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe197b46f8,0x7ffe197b4708,0x7ffe197b4718
    PID: 1328

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    PID: 1956

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    PID: 1468
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
    PID: 1156

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    PID: 3524

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 2148

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
    PID: 1776

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
    PID: 4344
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    PID: 1176

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
    PID: 2356

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
    PID: 3896

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    PID: 4580

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6407121259309970513,15405035593316554441,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 /prefetch:2
    PID: 3944
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2236

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4728
Network
MITRE ATT&CK Enterprise v15
Downloads