Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 21:31

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: a6a85a93c84c42a98ba2acda6f320b9c_JaffaCakes118.html
  Resource: win7-20240419-en
- Behavioral task: behavioral2
  Sample: a6a85a93c84c42a98ba2acda6f320b9c_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
- Target: a6a85a93c84c42a98ba2acda6f320b9c_JaffaCakes118.html
- Size: 139KB
- MD5: a6a85a93c84c42a98ba2acda6f320b9c
- SHA1: 08fdab7a070f48eb1565aa0ebcb75ea390dc0d2b
- SHA256: fcaa6416a8a8812823ff2ec99b2dd750cb741055c99e06b78fcb361a55aa6e75
- SHA512: 06767cb1d1573446e8d6f749edf744ca49e1e24a3b0ac12a4108b88b5ff43f98f9f876bd2f649cfa08abfa839fb411ed2931480b774298b5b2494a7f0dbdbda5
- SSDEEP: 1536:S47NWKu5fl6yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:S47UgyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
All IoCs below are attributed to msedge.exe, the browser launched to render the sample; every WriteProcessMemory target is one of the browser process's own child msedge.exe processes listed under Processes.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
  description | ioc
  - Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | process | events
  - 2964 | msedge.exe | 2
  - 3052 | msedge.exe | 2
  - 2340 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | process | events
  - 3052 | msedge.exe | 2
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | process | events
  - 3052 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process | events
  - 3052 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  source pid | source process | target pid | target process | events
  - 3052 | msedge.exe | 5068 | msedge.exe | 2
  - 3052 | msedge.exe | 1616 | msedge.exe | 40
  - 3052 | msedge.exe | 2964 | msedge.exe | 2
  - 3052 | msedge.exe | 2744 | msedge.exe | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3052)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6a85a93c84c42a98ba2acda6f320b9c_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3f846f8,0x7ffad3f84708,0x7ffad3f84718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1616)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3005812455874984434,14624273156096213822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3005812455874984434,14624273156096213822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3005812455874984434,14624273156096213822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3005812455874984434,14624273156096213822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3005812455874984434,14624273156096213822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2340)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3005812455874984434,14624273156096213822,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 552)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2620)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
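The WriteProcessMemory and EnumeratesProcesses signatures above all have the browser process (PID 3052) as the source and its own child msedge.exe processes as targets, which is how a Chromium-based browser's broker sets up the sandboxed children it launches. The triage question a practitioner wants answered is whether any write crosses out of that parent-to-child, same-image pattern. The Python below is an added example, not part of the sandbox report or its tooling: it parses rows in the report's own "PID 3052 wrote to memory of 5068 3052 msedge.exe msedge.exe" wording, encodes the process tree shown under Processes (PID to parent PID and image path; CompPkgSrv.exe appears at the top level, so its parent is recorded as None), and flags every write whose target is not a direct child of the writer running the same image. The per-target counts (2, 40, 2, 20) are the 64 rows from the report collapsed; the extra write into PID 552 used at the end is a constructed counter-example that does not occur in the report.

```python
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# Process tree as shown in the report: pid -> (parent pid, image path).
# CompPkgSrv.exe is listed at top level with no parent, hence None.
PROCESSES = {
    3052: (None, EDGE),   # browser (broker) process, opened the .html sample
    5068: (3052, EDGE),   # --type=crashpad-handler
    1616: (3052, EDGE),   # --type=gpu-process
    2964: (3052, EDGE),   # network.mojom.NetworkService
    2744: (3052, EDGE),   # storage.mojom.StorageService
    1716: (3052, EDGE),   # --type=renderer
    644:  (3052, EDGE),   # --type=renderer
    2340: (3052, EDGE),   # second --type=gpu-process
    552:  (None, COMPPKG),
    2620: (None, COMPPKG),
}

# A few rows in the report's own wording (the report lists 64 of them).
SAMPLE_ROWS = [
    "PID 3052 wrote to memory of 5068 3052 msedge.exe msedge.exe",
    "PID 3052 wrote to memory of 1616 3052 msedge.exe msedge.exe",
    "PID 3052 wrote to memory of 2964 3052 msedge.exe msedge.exe",
    "PID 3052 wrote to memory of 2744 3052 msedge.exe msedge.exe",
]

# The report's 64 WriteProcessMemory rows collapsed to (source, target) per target.
WRITE_EVENTS = ([(3052, 5068)] * 2 + [(3052, 1616)] * 40
                + [(3052, 2964)] * 2 + [(3052, 2744)] * 20)

_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")


def parse_write_row(row):
    """Parse one report row into (source pid, target pid)."""
    m = _ROW.fullmatch(row.strip())
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    src, dst, src_again, _src_img, _dst_img = m.groups()
    if src != src_again:
        raise ValueError(f"inconsistent source pid in row: {row!r}")
    return int(src), int(dst)


def classify_write(src, dst, procs):
    """Label a cross-process write by where the target sits in the process tree."""
    if src not in procs or dst not in procs:
        return "unknown-process"
    _src_parent, src_img = procs[src]
    dst_parent, dst_img = procs[dst]
    if dst_parent == src and dst_img == src_img:
        return "broker-to-own-child"          # expected at child launch
    if dst_parent == src:
        return "parent-to-child-other-image"  # child of a different binary
    return "unrelated-process"                # not a child: escalate


def triage(events, procs):
    """Count verdicts and collect every write that is not broker-to-own-child."""
    verdicts = Counter()
    flagged = []
    for src, dst in events:
        label = classify_write(src, dst, procs)
        verdicts[label] += 1
        if label != "broker-to-own-child":
            flagged.append((src, dst, label))
    return {"verdicts": dict(verdicts), "flagged": flagged}


if __name__ == "__main__":
    print("parsed sample rows:", [parse_write_row(r) for r in SAMPLE_ROWS])
    print("report events:", triage(WRITE_EVENTS, PROCESSES))
    # Constructed counter-example, not in the report: a write into CompPkgSrv.exe.
    print("with injected event:", triage(WRITE_EVENTS + [(3052, 552)], PROCESSES))
```

On the report's own events every write classifies as broker-to-own-child and nothing is flagged; the injected write into CompPkgSrv.exe (PID 552) is flagged as unrelated-process, which is the shape of event that would turn this from browser housekeeping into something worth escalating. The same parent/image check is what separates a sandbox broker's WriteProcessMemory from classic process injection on any Chromium-based browser run.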
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: db9081c34e133c32d02f593df88f047a
  SHA1: a0da007c14fd0591091924edc44bee90456700c6
  SHA256: c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
  SHA512: 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744
- Filesize: 152B
  MD5: 3a09f853479af373691d131247040276
  SHA1: 1b6f098e04da87e9cf2d3284943ec2144f36ac04
  SHA256: a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
  SHA512: 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016
- Filesize: 6KB
  MD5: 0bc80c251ff1a215cb35e60da6e10f90
  SHA1: c656155b6de517513e92157504f09d52c1d77caf
  SHA256: 7fb733fef4179ce3904b792b97a65bd42f95f0b153f43ed5ce95f51f7e1318ee
  SHA512: 1a9bb79fc4bc0b4c67725c52663b53f330c31c945e6d3b8f455bd8cc93c3c93ab2d98df70b54a09e95ded8da394ace3e41c2bee13f46d5716b853ef5a817a1bd
- Filesize: 6KB
  MD5: 7451a852efc5ed4c27c6b11430f869b3
  SHA1: b1103d79ea7489dcbf695f0e98dac4b0c4f6a652
  SHA256: 0bcd6d50bb8d3835caf86626e3b81c6759c09b5abe8d335a7950041fe4637744
  SHA512: 915e1d3c98795e275c0818e7fa9546e0c1f60cb534ec0fc0ddd2cd3fed9bb48dc3d321403a8651ea429bf59a065dc3d87155060063919270c59c64cd02be8d86
- Filesize: 11KB
  MD5: 683ce6cc7179349b5e7f5af1db572d0c
  SHA1: 150eb80038474c29c18ec95ec8d6080bbac7dc13
  SHA256: a49ec0d12ceaea9d5f93aac74985de56868d97aba54c462b68bf0e76d5d3fc0c
  SHA512: c5a66fadaac8deae58dc44033039b42a9a45fecb6fdfce3b9a651a1f7b69681918c392f9cbcecf39fceb2abbe69b6b733460e96ca30cc4339f0e6bf36b50e5fe
- Filesize: not listed (these four digests are the well-known hashes of empty input, so this entry is a 0-byte file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e