Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/06/2024, 18:27

Static task: static1

Behavioral task: behavioral1
- Sample: a1bd25fc2c30f4a7fba4380379291385_JaffaCakes118.html
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: a1bd25fc2c30f4a7fba4380379291385_JaffaCakes118.html
- Resource: win10v2004-20240611-en

General
- Target: a1bd25fc2c30f4a7fba4380379291385_JaffaCakes118.html
- Size: 19KB
- MD5: a1bd25fc2c30f4a7fba4380379291385
- SHA1: f29349f1b6628f065abbf43b966c0390513f9852
- SHA256: 1c4e741c7fa70bdb9fa8c96c883fbb0d59595a40e2a0391d5e0b270812d40b1f
- SHA512: 8981b61581ead0e2d282e5c565bd03835516a155a8630a03bd094c843d9b83edb47174a626d46760574b2c9a7f6f5a1f17d00428e37eb75eac4d14da5eaabec3
- SSDEEP: 384:SLfFq5pU/qXhbwfbgsc9jbY9AzdilsNQy/osIKnU+:SLf85SSXhbmbdQbYOqzy/osIKnU+
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3056 | msedge.exe (2 entries)
  876 | msedge.exe (2 entries)
  5052 | identity_helper.exe (2 entries)
  4860 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  876 | msedge.exe (every entry)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  876 | msedge.exe (every entry)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  876 | msedge.exe (every entry)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 876 wrote to memory of 3112 | 876 | msedge.exe | 81 (2 entries)
  PID 876 wrote to memory of 3436 | 876 | msedge.exe | 83 (repeated entries)
  PID 876 wrote to memory of 3056 | 876 | msedge.exe | 84 (2 entries)
  PID 876 wrote to memory of 3028 | 876 | msedge.exe | 85 (repeated entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 876)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1bd25fc2c30f4a7fba4380379291385_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa704646f8,0x7ffa70464708,0x7ffa70464718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2116)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2444)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4712)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads