Analysis
-
max time kernel
145s
-
max time network
124s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
12/06/2024, 16:34
Static task
static1
Behavioral task
behavioral1
Sample
a159c98e3a052d7d23d9bf4e328d6c8e_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a159c98e3a052d7d23d9bf4e328d6c8e_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a159c98e3a052d7d23d9bf4e328d6c8e_JaffaCakes118.html
-
Size
460KB
-
MD5
a159c98e3a052d7d23d9bf4e328d6c8e
-
SHA1
86b10013df8472caba603777b21a4ab9562d6b92
-
SHA256
2b6b1df9b5abc7d31fe2b9b1054246715f1ccfeb4731e5616bded2ee9d46ff53
-
SHA512
268eac0f3e1471757108b3a3f59a9a85fe78a9348569d1de56a75157cdcb5d681fe63d235c59fd1001a1035994bd110340baa781bd0afe4325a46648ff105115
-
SSDEEP
6144:SisMYod+X3oI+Y7WQNsMYod+X3oI+YksMYod+X3oI+YLsMYod+X3oI+YQ:35d+X35v5d+X3Q5d+X315d+X3+
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | process | occurrences
1692 | msedge.exe | 2
2324 | msedge.exe | 2
2668 | identity_helper.exe | 2
4160 | msedge.exe | 4
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | process | occurrences
2324 | msedge.exe | 6
-
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | process | occurrences
2324 | msedge.exe | 25
-
Suspicious use of SendNotifyMessage (24 IoCs)
pid | process | occurrences
2324 | msedge.exe | 24
-
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | process | procid_target | occurrences
PID 2324 wrote to memory of 1164 | 2324 | msedge.exe | 81 | 2
PID 2324 wrote to memory of 3148 | 2324 | msedge.exe | 82 | 40
PID 2324 wrote to memory of 1692 | 2324 | msedge.exe | 83 | 2
PID 2324 wrote to memory of 1396 | 2324 | msedge.exe | 84 | 20
Processes
(child processes are indented under the process that started them)
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a159c98e3a052d7d23d9bf4e328d6c8e_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2324
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff9954718
  PID:1164
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  PID:3148
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:1692
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  PID:1396
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  PID:2436
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  PID:2700
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  PID:876
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:2668
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  PID:3356
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  PID:768
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  PID:2864
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  PID:624
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12806079319754664801,14666662450308465908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:4160
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4828
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4860
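Every signature in this report fires on Microsoft Edge's own process tree: the browser process (PID 2324) starts a crashpad handler, a GPU process, the network and storage utility services, renderers and identity_helper, and the 64 WriteProcessMemory IoCs target exactly four of those children (1164, 3148, 1692, 1396). The two BIOS values read from the registry are the ones VM-detection code also consults, which is why the sandbox tags them as TTPs, but here the reader is msedge.exe itself. The check a reviewer wants is therefore mechanical: tie each memory-write target back to the tree, and list which children run with a weakened sandbox. The script below is an added example written for this page, not code from the report or from any sandbox vendor; the process list and write counts are transcribed from the sections above (command lines abridged to the switches the audit inspects, parents taken from the report's tree depth), and the set of switches treated as sandbox-weakening is the author's assumption, not a Chromium reference list.

```python
"""Cross-check a sandbox report's WriteProcessMemory IoCs against its process tree.

Added example for this report; not vendor tooling. PROCESSES and WRITES are
transcribed from the report (command lines abridged); SANDBOX_WEAKENING is an
assumption about what a reviewer wants flagged.
"""
import re
from collections import Counter

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'

# (pid, parent pid, command line). Depth-2 entries hang off browser PID 2324;
# CompPkgSrv.exe appears at depth 1 with no recorded parent.
PROCESSES = [
    (2324, None, EDGE + r' --single-argument C:\Users\Admin\AppData\Local\Temp\a159c98e3a052d7d23d9bf4e328d6c8e_JaffaCakes118.html'),
    (1164, 2324, EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=ver=92.0.902.67'),
    (3148, 2324, EDGE + ' --type=gpu-process --mojo-platform-channel-handle=2148 /prefetch:2'),
    (1692, 2324, EDGE + ' --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (1396, 2324, EDGE + ' --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (2436, 2324, EDGE + ' --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1'),
    (2700, 2324, EDGE + ' --type=renderer --renderer-client-id=5 --no-v8-untrusted-code-mitigations /prefetch:1'),
    (876, 2324, HELPER + ' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (2668, 2324, HELPER + ' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (3356, 2324, EDGE + ' --type=renderer --renderer-client-id=8 --no-v8-untrusted-code-mitigations /prefetch:1'),
    (768, 2324, EDGE + ' --type=renderer --instant-process --renderer-client-id=9 /prefetch:1'),
    (2864, 2324, EDGE + ' --type=renderer --renderer-client-id=10 /prefetch:1'),
    (624, 2324, EDGE + ' --type=renderer --instant-process --renderer-client-id=11 /prefetch:1'),
    (4160, 2324, EDGE + ' --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-driver-version=10.0.19041.546 /prefetch:2'),
    (4828, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
    (4860, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# "Suspicious use of WriteProcessMemory" IoCs collapsed to (writer, target) -> count.
WRITES = Counter({(2324, 1164): 2, (2324, 3148): 40, (2324, 1692): 2, (2324, 1396): 20})

# Switches that remove or weaken a Chromium child sandbox (reviewer's assumption).
SANDBOX_WEAKENING = {
    "service-sandbox-type": lambda v: v == "none",
    "disable-gpu-sandbox": lambda v: True,
    "no-sandbox": lambda v: True,
}

# One token per match: either a double-quoted run (spaces allowed) or a bare word.
TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_switches(cmdline):
    """Return {switch: value} for every --switch[=value] token, honouring quotes."""
    switches = {}
    for tok in TOKEN.findall(cmdline):
        tok = tok.strip('"')
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value
    return switches


def process_role(cmdline):
    """Image basename plus the Chromium --type (and utility sub-type) if present."""
    image = TOKEN.findall(cmdline)[0].strip('"').rsplit("\\", 1)[-1]
    sw = parse_switches(cmdline)
    if "type" not in sw:
        return image + ":main"
    role = image + ":" + sw["type"]
    if "utility-sub-type" in sw:
        role += ":" + sw["utility-sub-type"]
    return role


def explain_writes(processes=PROCESSES, writes=WRITES):
    """For each (writer, target) pair, resolve the target's role and whether the
    tree shows it as a direct child of the writer (a parent setting up the
    children it just spawned looks exactly like this)."""
    by_pid = {pid: (ppid, cmd) for pid, ppid, cmd in processes}
    rows = []
    for (writer, target), count in sorted(writes.items()):
        ppid, cmd = by_pid.get(target, (None, None))
        rows.append({
            "writer": writer, "target": target, "count": count,
            "role": process_role(cmd) if cmd else "unknown",
            "child_of_writer": ppid == writer,
        })
    return rows


def audit_sandbox_flags(processes=PROCESSES):
    """Return {pid: [flag, ...]} for processes carrying a sandbox-weakening switch."""
    findings = {}
    for pid, _, cmd in processes:
        sw = parse_switches(cmd)
        hits = [f"{k}={v}" if v else k for k, v in sw.items()
                if k in SANDBOX_WEAKENING and SANDBOX_WEAKENING[k](v)]
        if hits:
            findings[pid] = hits
    return findings


if __name__ == "__main__":
    for row in explain_writes():
        print(row)
    print(audit_sandbox_flags())
```

Run as-is, `explain_writes()` shows all four targets as direct children of 2324 (crashpad handler, GPU process, network service, storage service), and `audit_sandbox_flags()` lists the network service and both identity_helper instances with `--service-sandbox-type=none` plus the second GPU process (4160) with `--disable-gpu-sandbox`. That second GPU launch, with `--use-gl=disabled`, reads like Chromium's relaunch after the first GPU process (3148) failed in a VM without a usable GPU; the report does not state that, so treat it as an interpretation to confirm rather than a finding. A target PID that did not resolve to a child of the writer, or a write into a non-Edge image, is what would make this signature worth escalating.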
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5
56641592f6e69f5f5fb06f2319384490
SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
-
Filesize
152B
MD5
612a6c4247ef652299b376221c984213
SHA1
d306f3b16bde39708aa862aee372345feb559750
SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
-
Filesize
5KB
MD5
9c437d47800bd1d6467ff9ceacc4fab2
SHA1
14ae4e216dcb14238d9a446dd22ffe9a88f3225a
SHA256
057f9d2810c830dcd972a4c5babf678e81873770cf077ad7b58198782ca9e540
SHA512
5e838797cd5fc2996fa7bf61f0a67235d5e4337a8428d9508d27fb7f2d630dba9f329ed7b59fd3487b8f4ca2b3a06d33637143b850a21a987fd896151cd65373
-
Filesize
5KB
MD5
55360cd48582ce9c1362a2bedfb0f60d
SHA1
2a154c44a1cac028484f1b576f73afc8371ad65e
SHA256
f5a2f299ccf4e2664f8b9587d44283e80c9b534c49536c04208555ce284a43c9
SHA512
4b5b0d2f927fc3b6c35d142d322994e37764fa3f3e3e021e12a6f6f6965786f92d8779d2cfc3315e163ba41b950ed31e76892cb1ff5112c99fdaa0af39d2983d
-
Filesize
16B
MD5
206702161f94c5cd39fadd03f4014d98
SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD5
46295cac801e5d4857d09837238a6394
SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
8KB
MD5
0b7e1411d98f8bc2f8696623052e6403
SHA1
717e2a2314b6a3952599d92c5ee034be338779b0
SHA256
93ca584ac1b47f8683b533b3c35560d353270f99dd7f954e1920782e2b41ea0b
SHA512
bb4870994cc2b1057e3ed688df7b9baf4fd5c492bb3406bc5cac8f9fc84c8a519763c698ef3d10cc5c90451d21df3e2d6c22bb04c1a8a5f72cb73972a56d4e7e