Analysis
max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted
13-06-2024 01:10
Static task
static1
Behavioral task
behavioral1
Sample
a34ec33e4110d1e7845e71b4388f3e27_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a34ec33e4110d1e7845e71b4388f3e27_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
Target
a34ec33e4110d1e7845e71b4388f3e27_JaffaCakes118.html
Size
23KB
MD5
a34ec33e4110d1e7845e71b4388f3e27
SHA1
2208ffe50dd193f749b6fea68a521f0bbb1879d0
SHA256
2f9d371c6907729044dac56a270d65c957c844d020b60641a97808aec77a0c60
SHA512
d1734f776018df64719b3ada0d763d8a88e43189bdf1f9483e5728767293a00f452b571383619295e9cede2b69db93f9ca2e4fe438c7a66a83c198e26d75451f
SSDEEP
192:uWvwb5n2WnQjxn5Q/FnQieoNnknQOkEntLLnQTbnxnQKCnQtqwMBIqnYnQ7tnOYN:bQ/mSwz
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
1908 | msedge.exe
1908 | msedge.exe
800 | msedge.exe
800 | msedge.exe
4444 | identity_helper.exe
4444 | identity_helper.exe
4408 | msedge.exe
4408 | msedge.exe
4408 | msedge.exe
4408 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
800 | msedge.exe (all 6 rows identical)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
800 | msedge.exe (all 25 rows identical)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
800 | msedge.exe (all 24 rows identical)

Suspicious use of WriteProcessMemory (64 IoCs; repeated identical rows collapsed)
description | pid | Process | procid_target
PID 800 wrote to memory of 928 | 800 | msedge.exe | 81
PID 800 wrote to memory of 4428 | 800 | msedge.exe | 82
PID 800 wrote to memory of 1908 | 800 | msedge.exe | 83
PID 800 wrote to memory of 3600 | 800 | msedge.exe | 84
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a34ec33e4110d1e7845e71b4388f3e27_JaffaCakes118.html
PID:800
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93d6e46f8,0x7ff93d6e4708,0x7ff93d6e4718
    PID:928

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
    PID:4428

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    PID:1908
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
    PID:3600

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
    PID:3404

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    PID:4028

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:8
    PID:1948

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:8
    PID:4444
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
    PID:2860

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
    PID:1348

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
    PID:3356

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
    PID:1060

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,3674833644637484973,7458840312969362560,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
    PID:4408
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1060

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4696
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
152B
MD5
dabfafd78687947a9de64dd5b776d25f
SHA1
16084c74980dbad713f9d332091985808b436dea
SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Filesize
152B
MD5
c39b3aa574c0c938c80eb263bb450311
SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Filesize
6KB
MD5
460cb71ae1405e622d625b1588db03f4
SHA1
7499c980ea2724e7669c49ced857d8eecd094ea3
SHA256
4382efb1e97d643551cf463e183d572d745b1696ad4e9452cea0e1ee2f144913
SHA512
95e613570f386905c5f50d2f5c63207f5a9e4cca3e894dd9458fed11d8a429dc9166d74d7053009c224461c006aa830823198c14bf6cfa0609eb27aeb72e9963

Filesize
6KB
MD5
5fd39e77eda0252507127e1821421cc5
SHA1
ec0f8ff36309d4b40c48d80683fe050b5c01c079
SHA256
9733d0083257eed76637f30f532a94b583f6b1f7b295ef3343479a4670604a47
SHA512
f69a4805b36200f2521f7d1f20aac7dcc2e96eb4c09c840053b877578b8922572025f6a4d5c46c0fc877f05af38b13e28019a8695b699e01874001588e77c32f

Filesize
6KB
MD5
5b66a7803e8b936c68e7d580405d676d
SHA1
815e8566143a711f62adad722499934f0fd9aa90
SHA256
601420d21b641be6ec7df77e3d737bef755c2131b14e44b0b0e44a9270c7d764
SHA512
ec5ed81045d8ce6c0466ab7ff43ea537c1e31928b1ec6f46aad8e79d7c323ea2a762daafd3ab9cc068be3bb8144561fedaa7310cee203b21bd69c8cc86016d3b

Filesize
16B
MD5
6752a1d65b201c13b62ea44016eb221f
SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize
11KB
MD5
61215f9318641e1d388a83cac2503549
SHA1
d3025a415bdfd1513dc7e34b7c7c4fcd229acef2
SHA256
ccdc2b2e09364220dd21feb1eb72fc67c25863c66809e785a0d3cda252d3a32b
SHA512
0da450144b91a5af4f062e5aec492fa0f749b54cba8afcd004fc846edf7d8acac10d9369fbd47c8897a6c9ef897cbb17379317ec94038f18f51c75bd9127fdd8