Analysis
  max time kernel: 145s
  max time network: 150s
  platform: windows10-2004_x64
  resource: win10v2004-20240611-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 13/06/2024, 02:59
Static task: static1
Behavioral task: behavioral1
  Sample: a39bab7f2d056384a8aaaf95401e0603_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: a39bab7f2d056384a8aaaf95401e0603_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
  Target: a39bab7f2d056384a8aaaf95401e0603_JaffaCakes118.html
  Size: 79KB
  MD5: a39bab7f2d056384a8aaaf95401e0603
  SHA1: 569c468630a55456c02b2b76efcef523b9a264d9
  SHA256: acea6860d558e5acc1986bca80fcef97af6d747333f87a5ab42a46d1d27ff96a
  SHA512: 02fa487dd300b85c8507557737f51f2e600606815d0545c37916bbfa7c7996269e14c499cb4d9bddc8835a8b694ee161ceaca5768406fd024c71e91150c92d46
  SSDEEP: 1536:NNBlNvyQEB05b90qwA4sW8vNxVGaayPQyVxvaTn/VMqGUwXTrWmrn3O5DHirzdBP:nBlNvyQE60qwA4s6EPQyVxvPjymrn3O+
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  2636   msedge.exe           (2 rows)
  1404   msedge.exe           (2 rows)
  1840   identity_helper.exe  (2 rows)
  1900   msedge.exe           (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  1404   msedge.exe           (all 6 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  1404   msedge.exe           (all 25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  1404   msedge.exe           (all 24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid    Process      procid_target
  PID 1404 wrote to memory of 3184    1404   msedge.exe   82
  PID 1404 wrote to memory of 1436    1404   msedge.exe   83
  PID 1404 wrote to memory of 2636    1404   msedge.exe   84
  PID 1404 wrote to memory of 4732    1404   msedge.exe   85
  (each row is repeated in the original table; 64 rows in total)
Processes
  [level 1] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39bab7f2d056384a8aaaf95401e0603_JaffaCakes118.html
      PID: 1404
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b9c46f8,0x7ffa6b9c4708,0x7ffa6b9c4718
        PID: 3184

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        PID: 1436

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
        PID: 2636
        - Suspicious behavior: EnumeratesProcesses

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
        PID: 4732

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        PID: 796

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
        PID: 5060

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
        PID: 2600

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
        PID: 1840
        - Suspicious behavior: EnumeratesProcesses

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
        PID: 4040

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
        PID: 3352

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
        PID: 3432

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
        PID: 4468

    [level 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
        PID: 1900
        - Suspicious behavior: EnumeratesProcesses

  [level 1] C:\Windows\System32\CompPkgSrv.exe -Embedding
      PID: 4348

  [level 1] C:\Windows\System32\CompPkgSrv.exe -Embedding
      PID: 2276
Network
MITRE ATT&CK Enterprise v15
Downloads