Analysis

max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-06-2024 19:42

Static task: static1

Behavioral task: behavioral1
Sample: a2089ba69dca29616c02642fffec282f_JaffaCakes118.html
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: a2089ba69dca29616c02642fffec282f_JaffaCakes118.html
Resource: win10v2004-20240611-en

General

Target: a2089ba69dca29616c02642fffec282f_JaffaCakes118.html
Size: 20KB
MD5: a2089ba69dca29616c02642fffec282f
SHA1: 0f5986ffae6e5e08c492aa6dce123671c87a182c
SHA256: 196620431121a18dd7c70cdc3dd6edbdc5c3aa4fd4a1b24c0b8a40ff7fe45dbf
SHA512: 08d07138ab6cd147238ebe57221e978471960313a2974abbe26c97fad63efbdfae5c55885c03da2b097aedf9038434f454db9f881f8d40af3ee24324b6618802
SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIq4IzUnjBhMG82qDB8:SIMd0I5nO9H3svMFxDB8
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                   Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid    Process      rows
2180   msedge.exe   2
4788   msedge.exe   2
3012   msedge.exe   4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid    Process      rows
4788   msedge.exe   2

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process      rows
4788   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process      rows
4788   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid    Process      procid_target   rows
PID 4788 wrote to memory of 664    4788   msedge.exe   80              2
PID 4788 wrote to memory of 2856   4788   msedge.exe   81              40
PID 4788 wrote to memory of 2180   4788   msedge.exe   82              2
PID 4788 wrote to memory of 3388   4788   msedge.exe   83              20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4788)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2089ba69dca29616c02642fffec282f_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2bd746f8,0x7ffb2bd74708,0x7ffb2bd74718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,340939275961462393,13588136977169664697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2180)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,340939275961462393,13588136977169664697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,340939275961462393,13588136977169664697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,340939275961462393,13588136977169664697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,340939275961462393,13588136977169664697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,340939275961462393,13588136977169664697,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4188)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1324)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads