Analysis
- max time kernel: 147s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/06/2024, 00:19
Static task: static1
Behavioral task: behavioral1
  Sample: a31c9287b74cf60cd58b3df3f9341c62_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a31c9287b74cf60cd58b3df3f9341c62_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: a31c9287b74cf60cd58b3df3f9341c62_JaffaCakes118.html
- Size: 35KB
- MD5: a31c9287b74cf60cd58b3df3f9341c62
- SHA1: 459d88b50d142135cbfae0f8ced8f6a3795b57d8
- SHA256: 367e9fe8a7ff61334608676579c5f9eefb586cc07bb9554ed0eb32558ce439b7
- SHA512: f8c67774c7692dd16e9eb518fcabced7c366b2ab6c3d4b9a28d432567975b91019c23d252139e781f215cf417cbdc52fcf7061bd157ae13b8a941402e0fa8fe0
- SSDEEP: 768:zwx/MDTHtF88hARDZPXqE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TDaLxC6DJtxo6qF:Q/vbJxNVAuCS+/y8OK
Malware Config
Signatures
-
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                        | Process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                        | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer     | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName      | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   | Process
  4264  | msedge.exe (2 entries)
  2688  | msedge.exe (2 entries)
  5056  | identity_helper.exe (2 entries)
  2216  | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   | Process
  2688  | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   | Process
  2688  | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   | Process
  2688  | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        | pid   | Process     | procid_target
  PID 2688 wrote to memory of 1076   | 2688  | msedge.exe  | 81 (2 entries)
  PID 2688 wrote to memory of 3232   | 2688  | msedge.exe  | 82 (40 entries)
  PID 2688 wrote to memory of 4264   | 2688  | msedge.exe  | 83 (2 entries)
  PID 2688 wrote to memory of 1944   | 2688  | msedge.exe  | 84 (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a31c9287b74cf60cd58b3df3f9341c62_JaffaCakes118.html
  PID: 2688
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718
    PID: 1076
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    PID: 3232
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
    PID: 4264
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
    PID: 1944
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    PID: 4216
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    PID: 3124
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
    PID: 4284
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
    PID: 5056
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
    PID: 4344
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
    PID: 4568
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    PID: 3448
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
    PID: 3888
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8021520737719290559,13420855956693510776,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4536 /prefetch:2
    PID: 2216
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2924
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2748
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
- Filesize: 5KB
  MD5: 059e9c89e4a1c40b653af2b29491f464
  SHA1: 637586e879f7f24e26dfd5f01f7ec5a62f3221b5
  SHA256: 90c4cea6099269016304e6fff68c0d437f3cd659a16793b6f9fa17bd9e7a139a
  SHA512: 3b1e98763e90189bd467dbb2985970a652f7fd3745c1037dfe1444d862c1a2948edc733c811a8f183b1e92962832c8a69e3cccae2833a50801e2ac8b95d7b40e
- Filesize: 6KB
  MD5: dbd33a49314baac52a80ac837df63084
  SHA1: d2ec0c1e3cab386f20a474764fa2a5bf5d497bac
  SHA256: c129e1c4cbfae1cbedadc96b8d472a70bfbc4c1650aa4be4f26ee8c33cf5cdde
  SHA512: 4e893ae2f741dd7ca1846e8edecfa802ea90499911e05a8a9346b60859370f8b882aef9cd455fc518a752ffd8b88e00518e6097f657ae3be0c9c48ce377b390d
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 8KB
  MD5: 82017ae252f0cd45f41aa3f7d62bbbbd
  SHA1: 45aa36a651c03135a1ac48c481efaac449f1e668
  SHA256: 97bb0e0b46c1d6ff6cc677b39d85e66eed208c4c61e39e857698a62a773a29b1
  SHA512: 6b5936c3f33b2af64f1bbee66516886d3a6c31906aca2489b77789b3234fd94a81b380a863e32edcb58089ddd2c0a5fc6194c5768bfe3b6538e5a85c8d156dfd