Analysis
- max time kernel: 145s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/06/2024, 18:18
Static task: static1
Behavioral task behavioral1: sample a1b405f3d800f97173357a68414ead97_JaffaCakes118.html, resource win7-20240508-en
Behavioral task behavioral2: sample a1b405f3d800f97173357a68414ead97_JaffaCakes118.html, resource win10v2004-20240611-en (the run reported below)
General
- Target: a1b405f3d800f97173357a68414ead97_JaffaCakes118.html
- Size: 46KB
- MD5: a1b405f3d800f97173357a68414ead97
- SHA1: 838a9feab9ab3c2e3e3feb5c1870b103164d3fe7
- SHA256: 20801f1c8e92b6532a3d652cf46d0666b6f48eefb8ca9ecf3dec91a14d99a454
- SHA512: 5762623f459ff1a1a7526fd2f1a408cf6c80a684112785de2a717e696fc0a7cedaa44a599c3267a4f8c5a72def3dbda4ca1bca5ef369beebca4f74314e0177c4
- SSDEEP: 768:q/30/vUafdx9Qx83VNQ2aYRkIjTOxW9h2xZibt9h2xIi7ob+knd3yfp:q/30/vzx9A83VNRGIHOxq2xZiZ2xIi77
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | entries
  532 | msedge.exe | 2
  3668 | msedge.exe | 2
  904 | identity_helper.exe | 2
  4592 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid | Process | entries
  3668 | msedge.exe | 10
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | entries
  3668 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | entries
  3668 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs; one entry per observed write, grouped here by target)
  description | pid | Process | procid_target
  PID 3668 wrote to memory of 1736 | 3668 | msedge.exe | 80 (2 entries)
  PID 3668 wrote to memory of 3600 | 3668 | msedge.exe | 82 (multiple entries)
  PID 3668 wrote to memory of 532 | 3668 | msedge.exe | 83 (2 entries)
  PID 3668 wrote to memory of 4848 | 3668 | msedge.exe | 84 (multiple entries)
  Every write target (1736, 3600, 532, 4848) is a direct child of PID 3668 in the process tree below, i.e. the browser process writing into helper processes it has just created. That pattern is what ordinary process creation looks like to this signature; a write into a PID outside the writer's own tree would be the case worth escalating.
Processes
- msedge.exe, PID 3668 (top level)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b405f3d800f97173357a68414ead97_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of PID 3668 (image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe unless noted):
  - PID 1736, crashpad handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffef5e46f8,0x7fffef5e4708,0x7fffef5e4718
  - PID 3600, GPU process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17391723207031614977,5455273275310275585,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  - PID 532, network service (utility process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17391723207031614977,5455273275310275585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4848, storage service (utility process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17391723207031614977,5455273275310275585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  - Renderer processes, all launched as:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17391723207031614977,5455273275310275585,131072 --lang=en-US --disable-client-side-phishing-detection [--instant-process] --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=<handle> /prefetch:1
    PID | renderer-client-id | mojo-platform-channel-handle | --instant-process
    4884 | 6 | 3268 | no
    184 | 5 | 3288 | no
    4956 | 7 | 5008 | no
    3088 | 8 | 3972 | no
    3768 | 9 | 5836 | no
    4628 | 10 | 6020 | no
    2252 | 11 | 6600 | no
    1112 | 12 | 6616 | yes
    4388 | 14 | 6208 | no
    2452 | 15 | 6032 | yes
  - PID 636, identity_helper.exe
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17391723207031614977,5455273275310275585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  - PID 904, identity_helper.exe (same image and command line as PID 636)
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4592, second GPU process (launched with --disable-gpu-sandbox --use-gl=disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17391723207031614977,5455273275310275585,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6984 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe, PID 4800 (top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe, PID 3460 (top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
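The check an analyst actually wants from the WriteProcessMemory signature above is whether each write stays inside the writer's own process tree. The script below is an added example, not part of the sandbox output: it parses rows in the report's flattened "description pid Process procid_target" format, rebuilds the parent/child relationships from the Processes section (PIDs, images and command-line fragments copied from this page; parents inferred from the tree depth shown there), and separates in-tree writes from writes into unrelated processes. It also lists the child processes whose command line relaxes a Chromium sandbox. One signature row, marked CONSTRUCTED, is invented so the unexpected-target path is exercised; it is not in the report.

```python
"""Triage the 'Suspicious use of WriteProcessMemory' rows of a sandbox report against
the reported process tree. Added example; data below is copied from the report on this
page except for the row marked CONSTRUCTED."""
import re
from collections import Counter

# pid -> (parent pid, image, command-line fragment). Parents follow the tree depth shown in
# the report; the two CompPkgSrv.exe entries are top-level there, so their parent is None.
PROCESSES = {
    3668: (None, "msedge.exe", "--single-argument a1b405f3d800f97173357a68414ead97_JaffaCakes118.html"),
    1736: (3668, "msedge.exe", "--type=crashpad-handler"),
    3600: (3668, "msedge.exe", "--type=gpu-process"),
    532:  (3668, "msedge.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    4848: (3668, "msedge.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    4884: (3668, "msedge.exe", "--type=renderer --renderer-client-id=6"),
    184:  (3668, "msedge.exe", "--type=renderer --renderer-client-id=5"),
    636:  (3668, "identity_helper.exe", "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    904:  (3668, "identity_helper.exe", "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    4592: (3668, "msedge.exe", "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    4800: (None, "CompPkgSrv.exe", "-Embedding"),
    3460: (None, "CompPkgSrv.exe", "-Embedding"),
}

# Signature rows in the report's flattened layout: description, pid, Process, procid_target.
# The first five are rows from this page; the last is CONSTRUCTED to show a write whose
# target is not in the writer's tree.
WPM_ROWS = (
    "PID 3668 wrote to memory of 1736 3668 msedge.exe 80 "
    "PID 3668 wrote to memory of 1736 3668 msedge.exe 80 "
    "PID 3668 wrote to memory of 3600 3668 msedge.exe 82 "
    "PID 3668 wrote to memory of 532 3668 msedge.exe 83 "
    "PID 3668 wrote to memory of 4848 3668 msedge.exe 84 "
    "PID 3668 wrote to memory of 4800 3668 msedge.exe 99"   # CONSTRUCTED, not in the report
)

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_rows(text):
    """Turn the flattened signature text into (writer_pid, target_pid, image, procid_target)."""
    return [(int(w), int(t), img, int(pt)) for w, t, _pid, img, pt in ROW_RE.findall(text)]


def is_descendant(pid, ancestor, processes):
    """True if `ancestor` appears anywhere on `pid`'s parent chain."""
    seen = set()
    while pid in processes and pid not in seen:
        seen.add(pid)
        parent = processes[pid][0]
        if parent == ancestor:
            return True
        pid = parent
    return False


def triage_writes(rows, processes):
    """Count writes whose target is a descendant of the writer; collect every other write."""
    in_tree = Counter()
    unexpected = []
    for writer, target, image, procid_target in rows:
        if is_descendant(target, writer, processes):
            in_tree[target] += 1
        else:
            unexpected.append((writer, target, image, procid_target))
    return {"in_tree": in_tree, "unexpected": unexpected}


def relaxed_sandbox_pids(processes):
    """PIDs whose command line removes or disables a Chromium sandbox (worth a second look
    when the rendered page is untrusted, even though both flags have benign explanations)."""
    hits = [pid for pid, (_parent, _image, cmdline) in processes.items()
            if "--service-sandbox-type=none" in cmdline or "--disable-gpu-sandbox" in cmdline]
    return sorted(hits)


if __name__ == "__main__":
    result = triage_writes(parse_rows(WPM_ROWS), PROCESSES)
    print("writes into the writer's own tree:", dict(result["in_tree"]))
    print("writes outside the writer's tree:", result["unexpected"])
    print("processes with a relaxed sandbox:", relaxed_sandbox_pids(PROCESSES))
```

On the page's own data every write lands on a child of PID 3668, so only the constructed row is reported as unexpected. The relaxed-sandbox list (532, 636, 904, 4592) is context rather than a finding: Chromium of this generation launched its network service and the WinRT app-id helper without a service sandbox on Windows, and a second GPU process with --disable-gpu-sandbox --use-gl=disabled is the fallback taken when GPU initialization fails, which is common in a VM without a GPU.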
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 477462b6ad8eaaf8d38f5e3a4daf17b0
  SHA1: 86174e670c44767c08a39cc2a53c09c318326201
  SHA256: e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
  SHA512: a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e
- Filesize: 152B
  MD5: b704c9ca0493bd4548ac9c69dc4a4f27
  SHA1: a3e5e54e630dabe55ca18a798d9f5681e0620ba7
  SHA256: 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
  SHA512: 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32
- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 360B
  MD5: 99262d712acd3eb97da84aaed6be1faf
  SHA1: 02b1868fa0a65deefb92e13ea2f44f718a1f2bf4
  SHA256: 76a60d7f04af6cb416ed6bf3009911a53c3ae4fcb0331226f23c0b162435ba67
  SHA512: 3d5c54b5a097062b8607c679387013db9b634f37ad881ccd2889c548063f196d9e4551e1586af3049d03dc432dd619202ce6e603d5650632fe29de9efae49cb8
- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 384B
  MD5: 12e2bf82c32cced6a1f8d3a1fe8fdb7b
  SHA1: b3fbbc594c44a38e0d40c5554188159519c46f51
  SHA256: 667ad0e8bf3fac33fb34b0ad4665401001a583428998f23d3c78d99388d88140
  SHA512: 413d552f5b15fc1047593ddf805675c2d4945213f15f17c23a9163973cd494d264a53b7fbac80e865ce0a200762d1eb87390886b296e5e72e6904a93834ccae1
- Filesize: 1KB
  MD5: 5a78e851a71e1e3302179b4caa55a286
  SHA1: 3825d931a6fcc088d6cf483a7305df48a20fb5d9
  SHA256: c42677be8ef2a86d5e5f37f80eb575655533be6358aee12c166dc46e45564369
  SHA512: 6c8d81290da83132ca0a2c82df7d9badf35266b5f1108cc37291849d4b01ce12db634880e16f4f4f748b7aa20b55f9b52bbca33d1e45d0867c89f6c30f4d475c
- Filesize: 6KB
  MD5: a7c0ecfede9faa757356bb096a1b4d17
  SHA1: 0ecb391e2f5855a239ec9cf443d5b31fb329a193
  SHA256: 2cd579a73c79b34565ce8706503fd257fd6042d2fbc7255744abb951b8e78033
  SHA512: 67ab6a380e8e0b6f30fc3584a6a6c0f23424409c070daf38f6a671c7f2ac3ce7ab5c0ef6a2c031ce1f22470c5ad80f834e1715cab355f105515e2cdb5abad6ab
- Filesize: 6KB
  MD5: be4f1e619eb2632660fce718041b60ef
  SHA1: c47102976e6bc7a0d1fb861af314ea3b6cb2ee65
  SHA256: 056a887b2bc5912ba9e8afb54dae69676bf343f1d6d4f8222567d7130c3f9c7e
  SHA512: 124893d1719d4bf49c41886072fbeb43d3f415098fbbe62e41adf2098c2201ab95bd234930e2d95015e879374b2f572882202910ee55c5e1948ba1268f26655a
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: fa084684ee134fca77f5d9de524cac5d
  SHA1: 17bb8ec8ab7a9520ae8efa517a512f2d4c41368b
  SHA256: 642aa5e0fd7e2bf579bc762f6af58824526014f76e75759fb265a5e95b06a3be
  SHA512: 52352141c2231607be188db67f7347316551068ed457ad040d183174c4997c15181569226c9a2a11b821edc15931d8e4cba33789195c284f02410d79650a8c71