Analysis
- max time kernel: 150s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
- submitted: 12/06/2024, 17:12

Static task: static1

Behavioral task: behavioral1
- Sample: a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html
- Size: 49KB
- MD5: a174050d5cc6c4121968fbd46b7ce168
- SHA1: b7ef10d51d8051eb34f0d20abbd7950f75103ea0
- SHA256: 4a98053dbc8b891462d2331a617faec51969e50ac7f3c3bcb91a3fb450e00373
- SHA512: dc59ca9984895fb984f63229e6e82f2af135158c026cb6e159a9e8b766c0cdba678f199930e1f957959a372786cfe6483ef77d4a615304597cf111e3db6f22a1
- SSDEEP: 768:Sy4nYhMSjxYPwL2dVljIKtGhuQdpwe/YF4CCHZ2tw:Sy4nYhMSj+Nd/jIKQuQdpd/c4C82tw
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  - pid / Process: 2432 msedge.exe (2 entries); 3140 msedge.exe (2 entries); 3476 identity_helper.exe (2 entries); 4616 msedge.exe (5 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  - pid / Process: 3140 msedge.exe (all 7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid / Process: 3140 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid / Process: 3140 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 3140 (msedge.exe) wrote to memory of PID 1708, procid_target 82 (2 entries)
  - PID 3140 (msedge.exe) wrote to memory of PID 1392, procid_target 83 (repeated entries)
  - PID 3140 (msedge.exe) wrote to memory of PID 2432, procid_target 84 (2 entries)
  - PID 3140 (msedge.exe) wrote to memory of PID 4468, procid_target 85 (repeated entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html
  PID: 3140
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 3140:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbdf746f8,0x7fffbdf74708,0x7fffbdf74718
    PID: 1708
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    PID: 1392
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
    PID: 2432
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    PID: 4468
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    PID: 4024
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 3776
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
    PID: 2788
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
    PID: 5008
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
    PID: 3476
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
    PID: 4624
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
    PID: 4132
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
    PID: 5100
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
    PID: 1640
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5884 /prefetch:2
    PID: 4616
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4492
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4624
Network
MITRE ATT&CK Enterprise v15
Downloads