Analysis

Max time kernel: 147s
Max time network: 149s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 12/06/2024, 18:17

Static task: static1

Behavioral task: behavioral1
Sample: a1b2d0e954acb7f1616d58be7a83d23e_JaffaCakes118.html
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: a1b2d0e954acb7f1616d58be7a83d23e_JaffaCakes118.html
Resource: win10v2004-20240508-en
General

Target: a1b2d0e954acb7f1616d58be7a83d23e_JaffaCakes118.html
Size: 201KB
MD5: a1b2d0e954acb7f1616d58be7a83d23e
SHA1: 1c2faad71aa584a8d60f6cdea3014a539f889a3a
SHA256: fc5818f234bf20497950b6f623802093cddebeecd61c03eaeca64655476487d8
SHA512: 1be5e3dd49d84d0cbc06883ec27c952ea8138b5ba0252ecaa4869bd7aa2aef980d589c10b8909d3dfc7ee9739ce3dfce6bbbca69e9fb67ff4b9df10e5960812d
SSDEEP: 1536:ka6Mpsb+5BLTJfqv/iXvopfXIoOkO320O0VD692nI39GvM:d6dfXoZu
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

[level 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b2d0e954acb7f1616d58be7a83d23e_JaffaCakes118.html
  PID: 2116
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb649446f8,0x7ffb64944708,0x7ffb64944718
    PID: 3364

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    PID: 4560

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    PID: 4284
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
    PID: 4852

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 2688

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 3612

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
    PID: 3588

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
    PID: 1708

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
    PID: 3516
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
    PID: 2492

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    PID: 4900

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
    PID: 408

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
    PID: 3032

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2448796729360740823,13140794254394549600,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
    PID: 3164
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

[level 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2460

[level 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2484
Network
MITRE ATT&CK Enterprise v15
Downloads