Analysis
- max time kernel: 145s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 21:34
Static task: static1
Behavioral task: behavioral1
- Sample: a6abc58e0f14c68992ec2647f2060683_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a6abc58e0f14c68992ec2647f2060683_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: a6abc58e0f14c68992ec2647f2060683_JaffaCakes118.html
- Size: 6KB
- MD5: a6abc58e0f14c68992ec2647f2060683
- SHA1: 0890474064a97fe9f86b9b0fd61581b5d7342d15
- SHA256: 632b20666c1d7432e39d6aa7be0e0c66ff5a2e015b0d8c066c5c642825a56c33
- SHA512: b542163ef32347da83274ac90c374a18597299e3be5fabd61ec36119e927952ac7fcb162813688abe262a783bf6ea3d0db650a4302b7baab0118bf53c0f0b61a
- SSDEEP: 96:7hM3sHfzsLkuAvZYMq3OQv2vufMJvZ8GHCOWhWJ80Jdkr39H:7hM32LsLQ11ukf8GiOWo0
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description / ioc / process
- Key opened / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS / msedge.exe
- Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer / msedge.exe
- Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName / msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid / process
- 1948 / msedge.exe
- 1948 / msedge.exe
- 432 / msedge.exe
- 432 / msedge.exe
- 3544 / identity_helper.exe
- 3544 / identity_helper.exe
- 3528 / msedge.exe
- 3528 / msedge.exe
- 3528 / msedge.exe
- 3528 / msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes: msedge.exe
pid / process
- 432 / msedge.exe
- 432 / msedge.exe
- 432 / msedge.exe
- 432 / msedge.exe
- 432 / msedge.exe
- 432 / msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6abc58e0f14c68992ec2647f2060683_JaffaCakes118.html
Tree level: 1
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d4718
Tree level: 2
PID: 3184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
Tree level: 2
PID: 3900
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
Tree level: 2
- Suspicious behavior: EnumeratesProcesses
PID: 1948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
Tree level: 2
PID: 3372
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
Tree level: 2
PID: 1196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
Tree level: 2
PID: 1676
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
Tree level: 2
PID: 5320
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
Tree level: 2
- Suspicious behavior: EnumeratesProcesses
PID: 3544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
Tree level: 2
PID: 2516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
Tree level: 2
PID: 5580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
Tree level: 2
PID: 392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
Tree level: 2
PID: 3512
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5749749902573046715,6883881979146866161,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
Tree level: 2
- Suspicious behavior: EnumeratesProcesses
PID: 3528
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Tree level: 1
PID: 3904
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Tree level: 1
PID: 1416
Network
MITRE ATT&CK Enterprise v15
Downloads