Analysis

max time kernel: 145s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted: 13/06/2024, 02:58

Static task: static1
Behavioral task: behavioral1
  Sample: a39b76d9a7e17791b9d9b50ae49ce859_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a39b76d9a7e17791b9d9b50ae49ce859_JaffaCakes118.html
  Resource: win10v2004-20240611-en

General

Target: a39b76d9a7e17791b9d9b50ae49ce859_JaffaCakes118.html
Size: 35KB
MD5: a39b76d9a7e17791b9d9b50ae49ce859
SHA1: d757d73e4b8485564fe8801fb3132c429ac1c2bb
SHA256: 1d198a438cc586654c9e94227d4fb6d1b58a90cb82733688d17b30eb3257ccb9
SHA512: 6eaaff0e0ff500137aee890b81b75bc5b43f231c32e7975781bcfc2cd31f13369d569146933df08256dbffa19f5e333c5a8d9f929e29c5d8f5d39c8dbe421ba8
SSDEEP: 768:zwx/MDTHUO88hARvZPXKE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TIZOX6sggh6lLRd:Q/jbJxNVvu0Sx/P8+K
Malware Config
Signatures

Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
1476  msedge.exe
1476  msedge.exe
2928  msedge.exe
2928  msedge.exe
2268  identity_helper.exe
2268  identity_helper.exe
2940  msedge.exe
2940  msedge.exe
2940  msedge.exe
2940  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid   Process
2928  msedge.exe
2928  msedge.exe
2928  msedge.exe
2928  msedge.exe
2928  msedge.exe
2928  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39b76d9a7e17791b9d9b50ae49ce859_JaffaCakes118.html
  PID:2928
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e8c46f8,0x7ffa7e8c4708,0x7ffa7e8c4718
      PID:5044

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
      PID:1804

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      PID:1476
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
      PID:2916

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      PID:4588

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      PID:3948

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
      PID:3632

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
      PID:2268
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
      PID:1888

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
      PID:752

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
      PID:4276

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
      PID:3944

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17169552118226170584,7039723099766412747,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 /prefetch:2
      PID:2940
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:5100

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:2912
Downloads