Analysis
max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted
12/06/2024, 16:32
Static task
static1
Behavioral task
behavioral1
Sample
a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
Target
a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118.html
Size
201KB
MD5
a1586578f46d5d4e70fa5e992cfee25f
SHA1
8b999430b227ae36462a13da9b1e2c06fe23da1c
SHA256
b203ac4ff7c8f426ef750c4c86225375bdf2463be04e9954d1aa0152b6069699
SHA512
9076dd141fbad870695ea731ad0664343f3484a71893a24ab78e2ee3d7df278e054708346b86f596aa1e0568fc716a3805f61fd997bb816c6a83330c328929a0
SSDEEP
1536:kaGCe0jqHnZ33tCZtsx4s90OOQNYyWCFr6LEDmxWGvM:dG5nB
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
1820 | msedge.exe (2 entries)
636 | msedge.exe (2 entries)
3796 | identity_helper.exe (2 entries)
3712 | msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid | Process
636 | msedge.exe (all 7 entries identical)
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
636 | msedge.exe (all 25 entries identical)
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
636 | msedge.exe (all 24 entries identical)
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 636 wrote to memory of 968 | 636 | msedge.exe | 82 (2 entries)
PID 636 wrote to memory of 3988 | 636 | msedge.exe | 84 (repeated)
PID 636 wrote to memory of 1820 | 636 | msedge.exe | 85 (2 entries)
PID 636 wrote to memory of 3208 | 636 | msedge.exe | 86 (repeated)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1586578f46d5d4e70fa5e992cfee25f_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:636
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd4c46f8,0x7ffcdd4c4708,0x7ffcdd4c4718
  PID:968
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  PID:3988
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  PID:3208
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  PID:3424
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  PID:4844
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  PID:3356
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  PID:956
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  PID:336
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  PID:4000
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  PID:1720
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  PID:2428
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,13472267982557140998,1301465862812859673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1648
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4712
Network
MITRE ATT&CK Enterprise v15
Downloads