Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/06/2024, 18:28
Static task: static1
Behavioral task: behavioral1
  Sample: a1be02ba8ef850b8cbc32f1a1c4d67ce_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a1be02ba8ef850b8cbc32f1a1c4d67ce_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
- Target: a1be02ba8ef850b8cbc32f1a1c4d67ce_JaffaCakes118.html
- Size: 72KB
- MD5: a1be02ba8ef850b8cbc32f1a1c4d67ce
- SHA1: 896bd838ccae38abfca7a9335f8baac2fa4662ad
- SHA256: 9155be0d38d8fa0230578213fb24d3b9092b04339d0c95e430561866cd7761c8
- SHA512: 18a5278e03f717f7aac4a64f726ba4519b4f1d76eeb99cafc204d90b1324a70bdb83303986f8d0a11a49ba11960865e68965ada09429c45d273ed68621466369
- SSDEEP: 1536:7ehp+qldqVUDDkSd/Zm25+CgMucTzo+DpfnvwHeK/yqKOKdKcKLKiKRKgKvKmbj/:6hp++hm25p8mo+0RFWfo5sTMNbjtDR
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2892 | msedge.exe (2 entries)
  3564 | msedge.exe (2 entries)
  4532 | msedge.exe (4 entries)
  2428 | identity_helper.exe (2 entries)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  3564 | msedge.exe (7 entries)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3564 | msedge.exe (25 entries)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3564 | msedge.exe (24 entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3564 wrote to memory of 4592 | 3564 | msedge.exe | 81
  PID 3564 wrote to memory of 4828 | 3564 | msedge.exe | 82
  PID 3564 wrote to memory of 2892 | 3564 | msedge.exe | 83
  PID 3564 wrote to memory of 2692 | 3564 | msedge.exe | 84
  (64 entries in total; identical rows collapsed)
Processes

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1be02ba8ef850b8cbc32f1a1c4d67ce_JaffaCakes118.html
  PID: 3564
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 3564:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabdd646f8,0x7ffabdd64708,0x7ffabdd64718
    PID: 4592
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
    PID: 4828
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
    PID: 2892
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
    PID: 2692
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 4328
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 4836
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
    PID: 1632
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7928 /prefetch:8
    PID: 4620
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7964 /prefetch:2
    PID: 4532
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7988 /prefetch:8
    PID: 4948
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7988 /prefetch:8
    PID: 2428
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
    PID: 3064
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    PID: 4464
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
    PID: 3056
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,254363240669768585,7002006919420615670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
    PID: 5028

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1780

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3096

- C:\Windows\system32\AUDIODG.EXE 0x520 0x524
  PID: 3560
Network
MITRE ATT&CK Enterprise v15
Downloads