Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/06/2024, 18:29

Static task: static1

Behavioral task: behavioral1
- Sample: a1be57e1bddf2bd6c3a67fa7fa034830_JaffaCakes118.html
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: a1be57e1bddf2bd6c3a67fa7fa034830_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a1be57e1bddf2bd6c3a67fa7fa034830_JaffaCakes118.html
- Size: 139KB
- MD5: a1be57e1bddf2bd6c3a67fa7fa034830
- SHA1: 2267894cd942e79c88c7749f9554c723bec8e01b
- SHA256: 83751cd93a45c7e1027f489b3c6937c2d9e02ecaf5428cb90830582f7c276292
- SHA512: f8c7698f2ca7f5964ee94c3e812f4fc8a73ec2ed7846349298b0b4776f251794474a11abda1167ebb02febda5b09b4356e74790430b58184c043cf0bc0800025
- SSDEEP: 1536:SrDQCOldyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:SrmyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
All signatures below are attributed to msedge.exe, the browser process that opened the sample.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  - PID 1152 msedge.exe (2 events)
  - PID 4364 msedge.exe (2 events)
  - PID 3612 msedge.exe (4 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  - PID 4364 msedge.exe (2 events)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 4364 msedge.exe (25 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 4364 msedge.exe (24 events)
- Suspicious use of WriteProcessMemory (64 IoCs; the writer is PID 4364 msedge.exe in every event, each target being one of its child processes listed under Processes)
  - PID 4364 wrote to memory of PID 2700 (procid_target 82, 2 events)
  - PID 4364 wrote to memory of PID 648 (procid_target 83, repeated; the bulk of the events)
  - PID 4364 wrote to memory of PID 1152 (procid_target 84, 2 events)
  - PID 4364 wrote to memory of PID 4456 (procid_target 85, repeated)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4364)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1be57e1bddf2bd6c3a67fa7fa034830_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd4c46f8,0x7ffcdd4c4708,0x7ffcdd4c4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 648)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,15098166823376859841,16230443806105338986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,15098166823376859841,16230443806105338986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4456)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,15098166823376859841,16230443806105338986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15098166823376859841,16230443806105338986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3868)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,15098166823376859841,16230443806105338986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3612)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,15098166823376859841,16230443806105338986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2924 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1984)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2440)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
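The process tree above is the usual starting point for deciding whether a browser-opened HTML sample did anything beyond Chromium's own multi-process startup. The following script is an added example written for this page; it is not part of the sandbox report or of any vendor's tooling. It transcribes the report's process records (command lines cut down to the flags it inspects) and the distinct WriteProcessMemory writer/target pairs, then answers two questions a triager asks first: is every process the browser wrote into one of its own Chromium children, which is how the browser process bootstraps them, and which children run with sandbox-relaxing flags. Labels such as "browser-child" and the list of flags treated as sandbox-relaxing are this script's own choices, not terms from the report.

```python
"""Triage helper for the process tree of a browser-opened HTML sample.

Added example, not part of the sandbox report. PROCS and WPM_PAIRS are
transcribed by hand from the report, so the report remains the authority.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int  # 1 = top level in the report's tree, 2 = spawned by a top-level process


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a1be57e1bddf2bd6c3a67fa7fa034830_JaffaCakes118.html"


def edge_cmd(*flags):
    """Rebuild a quoted msedge.exe command line from the flags we keep."""
    return '"%s" %s' % (EDGE, " ".join(flags))


# Transcribed from the Processes section of the report (flags trimmed to the ones inspected).
PROCS = [
    Proc(4364, EDGE, edge_cmd("--single-argument", SAMPLE), 1),
    Proc(2700, EDGE, edge_cmd("--type=crashpad-handler", "--annotation=chromium-version=92.0.4515.131"), 2),
    Proc(648, EDGE, edge_cmd("--type=gpu-process", "--mojo-platform-channel-handle=2248"), 2),
    Proc(1152, EDGE, edge_cmd("--type=utility", "--utility-sub-type=network.mojom.NetworkService",
                              "--service-sandbox-type=none"), 2),
    Proc(4456, EDGE, edge_cmd("--type=utility", "--utility-sub-type=storage.mojom.StorageService",
                              "--service-sandbox-type=utility"), 2),
    Proc(2056, EDGE, edge_cmd("--type=renderer", "--renderer-client-id=6", "--no-v8-untrusted-code-mitigations"), 2),
    Proc(3868, EDGE, edge_cmd("--type=renderer", "--renderer-client-id=5", "--no-v8-untrusted-code-mitigations"), 2),
    Proc(3612, EDGE, edge_cmd("--type=gpu-process", "--disable-gpu-sandbox", "--use-gl=disabled"), 2),
    Proc(1984, COMPPKG, COMPPKG + " -Embedding", 1),
    Proc(2440, COMPPKG, COMPPKG + " -Embedding", 1),
]

# Distinct (writer, target) pairs from the "Suspicious use of WriteProcessMemory" signature.
WPM_PAIRS = [(4364, 2700), (4364, 648), (4364, 1152), (4364, 4456)]

# Flags that relax a Chromium child's sandbox. Some are expected for a given process
# type; the goal is to surface them from long command lines, not to call them malicious.
WEAKENING_FLAGS = ("--service-sandbox-type=none", "--disable-gpu-sandbox", "--no-v8-untrusted-code-mitigations")


def chromium_type(cmdline):
    """'renderer', 'utility/network.mojom.NetworkService', ... or None for the browser process."""
    m = re.search(r"--type=([\w-]+)", cmdline)
    if not m:
        return None
    sub = re.search(r"--utility-sub-type=([\w.]+)", cmdline)
    return "%s/%s" % (m.group(1), sub.group(1)) if sub else m.group(1)


def classify(procs):
    """Label each PID (labels are this script's own): 'browser' for a top-level image that
    also appears as typed children, 'browser-child' for such a child, 'unexpected-child' for
    a depth-2 process that is not one, 'other-top-level' for everything else at depth 1."""
    child_images = {p.image for p in procs if p.depth == 2 and chromium_type(p.cmdline)}
    browsers = {p.image for p in procs if p.depth == 1 and p.image in child_images}
    labels = {}
    for p in procs:
        if p.depth == 1:
            labels[p.pid] = "browser" if p.image in browsers else "other-top-level"
        elif p.image in browsers and chromium_type(p.cmdline):
            labels[p.pid] = "browser-child"
        else:
            labels[p.pid] = "unexpected-child"
    return labels


def unexplained_memory_writes(procs, pairs):
    """WriteProcessMemory pairs where the target is not a browser-child of a browser writer.
    A browser writing into its freshly spawned children is normal; anything else needs a look."""
    labels = classify(procs)
    return [(w, t) for w, t in pairs
            if not (labels.get(w) == "browser" and labels.get(t) == "browser-child")]


def weakened_sandbox(procs):
    """pid -> sandbox-relaxing flags present as whole tokens on its command line."""
    found = {}
    for p in procs:
        hits = [f for f in WEAKENING_FLAGS if f in p.cmdline.split()]
        if hits:
            found[p.pid] = hits
    return found


def summarize(procs=PROCS, pairs=WPM_PAIRS):
    labels = classify(procs)
    by_type = defaultdict(list)
    for p in procs:
        if labels[p.pid] == "browser-child":
            by_type[chromium_type(p.cmdline)].append(p.pid)
    return {"labels": labels, "children_by_type": dict(by_type),
            "unexplained_writes": unexplained_memory_writes(procs, pairs),
            "weakened_sandbox": weakened_sandbox(procs)}


if __name__ == "__main__":
    for key, value in summarize().items():
        print(key, value)
```

On this report's data `unexplained_writes` comes back empty: every target of PID 4364's WriteProcessMemory calls is one of its own crashpad, GPU or utility children. The two CompPkgSrv.exe instances sit at the top level of the tree, so the script labels them "other-top-level" rather than tying them to Edge, which matches the report. The sandbox-flag pass only restates what the command lines already say (the network service with `--service-sandbox-type=none`, the second GPU process with `--disable-gpu-sandbox`, both renderers with `--no-v8-untrusted-code-mitigations`); whether those are acceptable for this Edge build is a judgement the report itself does not make.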
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: db9081c34e133c32d02f593df88f047a
  SHA1: a0da007c14fd0591091924edc44bee90456700c6
  SHA256: c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
  SHA512: 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744
- Filesize: 152B
  MD5: 3a09f853479af373691d131247040276
  SHA1: 1b6f098e04da87e9cf2d3284943ec2144f36ac04
  SHA256: a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
  SHA512: 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016
- Filesize: 6KB
  MD5: ea1199cc387a4101c4686459b445d3ad
  SHA1: 89e5697314ef5bbed211a0a719ab6d89f1bd39d1
  SHA256: c99ed224ba4fcc0328ff8b73da3742baba52756e8fe075a9f9d2533dbbeacbb9
  SHA512: 17512d7518c3ebe247b8767840321608031b8aa4deb5dfb363d61f952407d0a51c022327e6465cef9306d048cf7190da2639f5a3a4d8c92137a1e8d9c5904b21
- Filesize: 6KB
  MD5: 7ded11c72eace24720049a9d14954f49
  SHA1: 540e7780575c82c67074464bc1344a3aea616d11
  SHA256: 7e6bd008a4439da2735da392dc4c8545e697e3c2ef3a79e43acafef4e2a5a4be
  SHA512: b75f6748ba8ac0f516e33de29c246d60770f2aeeaf89eb3aed9b20c4bbfa31ddd432aa44a6665077a87ca06a7d982b3bd7b60850f8ccd13c4b89a486ee2fc6a2
- Filesize: 11KB
  MD5: bcc8a1fe61b72e52f3e3cea9c92a41c7
  SHA1: d92966713b257121ea3b8f0e515abb44eda6e62d
  SHA256: 6b2c37d0b7e024e9df60552356edcab09f1e6530d66be36403eaf0de0265fd6d
  SHA512: 0232cc771b70890b37b8c6c65f251c19d714c52ed9131ea27e5dd86480a33c36ac0e8504e77ce657ef057e17340c645c6b5f2578c24baf5c7fecaaecf790a721