Analysis
max time kernel: 145s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 22:00

Static task: static1
Behavioral task: behavioral1
  Sample: a6c69b629e8b86189d7fd161563dace6_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a6c69b629e8b86189d7fd161563dace6_JaffaCakes118.html
  Resource: win10v2004-20240508-en

General
Target: a6c69b629e8b86189d7fd161563dace6_JaffaCakes118.html
Size: 7KB
MD5: a6c69b629e8b86189d7fd161563dace6
SHA1: 443a23869db257b3f1ebe2160c4dfa42b910bb80
SHA256: b1f66e8768f92a3ac7518567ae04148edfdc555cad10ac469b0856f6d6760cb8
SHA512: 420bd083466c4cefd3dc56cb776fd9e6b037a5c113521ba7a6922d1255a178e40ecbdc97223fec417b38431e616c8174d1a85972dce5462cfb6d6fd3ce7d1b7e
SSDEEP: 192:SIzzvLR4uy89mCvVFsw7n6Neiy/XIpRicANwggMBJ:SInv+uy8Dsw7+uIAxgMBJ
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
3488  msedge.exe
3488  msedge.exe
2468  msedge.exe
2468  msedge.exe
2008  identity_helper.exe
2008  identity_helper.exe
4472  msedge.exe
4472  msedge.exe
4472  msedge.exe
4472  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid   Process
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
pid   Process
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
2468  msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description                        pid   Process     procid_target
PID 2468 wrote to memory of 5000   2468  msedge.exe  82
PID 2468 wrote to memory of 5000   2468  msedge.exe  82
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 756    2468  msedge.exe  83
PID 2468 wrote to memory of 3488   2468  msedge.exe  84
PID 2468 wrote to memory of 3488   2468  msedge.exe  84
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
PID 2468 wrote to memory of 224    2468  msedge.exe  85
Processes
- msedge.exe (PID 2468)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c69b629e8b86189d7fd161563dace6_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 5000)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
  - msedge.exe (PID 756)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - msedge.exe (PID 3488)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 224)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  - msedge.exe (PID 1264)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - msedge.exe (PID 960)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - identity_helper.exe (PID 1772)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 /prefetch:8
  - identity_helper.exe (PID 2008)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3944)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  - msedge.exe (PID 2104)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  - msedge.exe (PID 1528)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  - msedge.exe (PID 4888)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  - msedge.exe (PID 4472)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13518195829223974545,1431950617660419625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4704)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 2404)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads