Analysis
max time kernel: 145s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 02:58
Static task: static1
Behavioral task: behavioral1
  Sample: a39b8a7881282d37ef44983f73cfda44_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a39b8a7881282d37ef44983f73cfda44_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a39b8a7881282d37ef44983f73cfda44_JaffaCakes118.html
Size: 69KB
MD5: a39b8a7881282d37ef44983f73cfda44
SHA1: 7d1a03ba1d89f87ae15f760a3ec7818f19378977
SHA256: 72d591ddf3ea0cb34de8ed6148fd6cacbf67282196fc81022c0b16485e481b40
SHA512: b3c2e22a2c1d7fc8f8a3f6a64bc343666a7bf77b9f1187fe8a7688b460201d94c23eb3817c02dbfe3d0bc6eb2bab7d8ee4b8fc7a877c62797694f136ca44bd4c
SSDEEP: 768:Ji7gcMiR3sI2PDDnX0g6s66xyP6/YoTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFf:J3QSdTzNen0tbrga94hcuNnQC
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2172  msedge.exe (2 entries)
  2776  msedge.exe (2 entries)
  3436  identity_helper.exe (2 entries)
  216   msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  2776  msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2776  msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2776  msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 2776 wrote to memory of 3224  2776  msedge.exe  82  (2 entries)
  PID 2776 wrote to memory of 1184  2776  msedge.exe  83  (repeated)
  PID 2776 wrote to memory of 2172  2776  msedge.exe  84  (2 entries)
  PID 2776 wrote to memory of 4876  2776  msedge.exe  85  (repeated)
  The 1184 and 4876 rows together account for the remaining 60 of the 64 entries.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39b8a7881282d37ef44983f73cfda44_JaffaCakes118.html
  PID: 2776
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfd7b46f8,0x7ffcfd7b4708,0x7ffcfd7b4718
    PID: 3224

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    PID: 1184

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
    PID: 2172
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2464 /prefetch:8
    PID: 4876

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    PID: 2396

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 1764

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
    PID: 1664

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
    PID: 3436
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
    PID: 4464

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
    PID: 4380

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
    PID: 1992

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    PID: 3216

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4719151063044003270,2863167363552190448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5488 /prefetch:2
    PID: 216
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3176

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2360
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: dabfafd78687947a9de64dd5b776d25f
SHA1: 16084c74980dbad713f9d332091985808b436dea
SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Filesize: 152B
MD5: c39b3aa574c0c938c80eb263bb450311
SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Filesize: 6KB
MD5: 43c461e4c78d0e6ccdd9a3823c244872
SHA1: 96d945cd08e0efa78afdc65830d879f47709b319
SHA256: 6cfda9127dfb63d9a517f50c4bedd9c348d0d7d4facf765ac730dd76d9badd11
SHA512: ab83f159ccfe2e1165b98cdc1499b6b9634fb2400daa5124d1693ee3ac38b7ea648e66147160db90d43bea1524c06e78a7e6b0d5d60d48f2b3648cccc5975d2a

Filesize: 6KB
MD5: 1ba76dd5dad1b8f85cc9e19c1f0d4717
SHA1: 592bdeeb9f5ece25f3e857cad51b1b39a81ebc68
SHA256: 67d26b133bc3af50e97d9de89791c72aef2fcac256c08d7eb04a7690a5cd79ed
SHA512: 8a33a625810f4e737c79e86203ffbfc4355482a4260df033ebfecfc0c8b355e01e3f375f0f08575794bb6b680c9060b602e4ca57fa895da48ee9f93e4e4eedfb

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 9d73c36815a59affd616b22904608973
SHA1: 23d0b3cb8a9a33dd2a217a72d4342606201b44c7
SHA256: 9ebd3fdfee07f1baeb11002846006a90360225f06df5061bc2f472ac49e30e38
SHA512: cb8518bf7f2158a18089094705c86977d6ee6ce0384be4983505c5cd0e2687c91c2b0806bc53b3c7878486c999a327813032728ec710d9d4308102316f52a8d9