Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 18:48
Static task: static1
Behavioral task: behavioral1
  Sample: a1d39421496e6bb87b19e17870cf32e5_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a1d39421496e6bb87b19e17870cf32e5_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a1d39421496e6bb87b19e17870cf32e5_JaffaCakes118.html
Size: 3KB
MD5: a1d39421496e6bb87b19e17870cf32e5
SHA1: f9dfadfc06ef5bdf210d60b22abd4562d72f6f9b
SHA256: 3241669ae8f00f9c051e226d786f2fdc14361ad6076095a9b4ab53fad672e487
SHA512: 8f6f54b83b3bb31079137302628dbf2fb8f9056e1b919710afcd8bbe2156e76ca231c06693ce0b7d422040c5942980ad0d776f6dfc1dacdbe8b81a94a968cc77
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3016  msedge.exe (2 entries)
  1452  msedge.exe (2 entries)
  1996  identity_helper.exe (2 entries)
  2284  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  1452  msedge.exe (all 6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1452  msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1452  msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 1452 wrote to memory of 1620   1452  msedge.exe  81  (2 entries)
  PID 1452 wrote to memory of 3756   1452  msedge.exe  83  (repeated)
  PID 1452 wrote to memory of 3016   1452  msedge.exe  84  (2 entries)
  PID 1452 wrote to memory of 3484   1452  msedge.exe  85  (repeated)
  All 64 entries are occurrences of the four rows above.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1452)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d39421496e6bb87b19e17870cf32e5_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff934fa46f8,0x7ff934fa4708,0x7ff934fa4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3016)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 824)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1016)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2926095608455401477,14420117841587017154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2948)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4060)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: db9081c34e133c32d02f593df88f047a
  SHA1: a0da007c14fd0591091924edc44bee90456700c6
  SHA256: c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
  SHA512: 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744
- Filesize: 152B
  MD5: 3a09f853479af373691d131247040276
  SHA1: 1b6f098e04da87e9cf2d3284943ec2144f36ac04
  SHA256: a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
  SHA512: 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016
- Filesize: 276B
  MD5: 63e94862b42530f86676ad4d8dad984d
  SHA1: 3fd2230f79711e641c7d8bc1fc8f6d671319aec8
  SHA256: 02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25
  SHA512: 8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff
- Filesize: 6KB
  MD5: 0f46677d9aa94f00d3808de24248fb40
  SHA1: 5bbd907e724cafcb9ba156f08fe560c495e24e06
  SHA256: 67b3db13a48a9d74796b851d905f0fdd1213c26cd66002daefb4c3ed03ac592a
  SHA512: dca64f5b50598a05b6427dc835dcf26dbb7207aec71804a116df28398cb21b1847d628549cfd6700d253168c7c45520a1433b0c6223c98b5ca8e2a96b953232d
- Filesize: 6KB
  MD5: 3a3f20d89c8daf0b94a51ddba73ddf1e
  SHA1: d4bf89f5cc1cde2501582b89edb511cd0b0588d1
  SHA256: 2b23ca9571e77f3985b5fb772f52c0d882cc409f18761dba8fed5362e56c8a61
  SHA512: 8f0c400d87aba42e1708c56a81fc2ccaf78d8d871db49ee06ee9a21a04259de7874f32c32c178d0422165cb99712a2a93f31a6d903454347f609ffd5be90b58e
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 45c4856fce2b2eddfd8346ce627b8c2e
  SHA1: ad687e78f6da887277a03a15b99987648131c819
  SHA256: 13487d9e54b3b1b0d1553600dc33fc23400bf3352f34a4906b4131946a3714b0
  SHA512: 69359eeb2151cb27dc10f6ea7db9af788b995dfdb926598a68775cf4cfe56338ff0243132d54969046d27e128d061ac2667a1bbbd87bc85ba722526a390b1fb5