Analysis
max time kernel: 145s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 02:59

Static task: static1
Behavioral task: behavioral1
  Sample: a39bc77b00aea164753da2f5b9611403_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a39bc77b00aea164753da2f5b9611403_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a39bc77b00aea164753da2f5b9611403_JaffaCakes118.html
Size: 6KB
MD5: a39bc77b00aea164753da2f5b9611403
SHA1: 07aa3551091245b15973b6535bfff265ed4e5475
SHA256: d0b1458632de474d0fbf9d194b83393fac31f0555d4767990af130a7faaa0e9c
SHA512: aaa0bf68055e2893294738b3705bec58ea494776d17aaf8d7eeca8e42ab8907d4839a49a14f08d8a8b3de7daeb8e7e79cfd523199a3aba1e899f2af0a434989d
SSDEEP: 96:+IVub4Tsuxe5nLlQ63wZUWRwHW1ugW9BI/M69jPUwp9v+/DLp:+Isbyo5hQiPWRw2lW9BI/M6hPUwPS
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid     process
  3556    msedge.exe (2 events)
  1852    msedge.exe (2 events)
  2288    identity_helper.exe (2 events)
  3624    msedge.exe (4 events)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid     process
  1852    msedge.exe (6 events)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid     process
  1852    msedge.exe (25 events)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid     process
  1852    msedge.exe (24 events)
Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events have PID 1852 (msedge.exe, the browser process) as the writer; the targets are its own child processes listed under Processes:
  description                          pid     process       procid_target
  PID 1852 wrote to memory of 1664     1852    msedge.exe    81   (2 events)
  PID 1852 wrote to memory of 4020     1852    msedge.exe    82   (repeated)
  PID 1852 wrote to memory of 3556     1852    msedge.exe    83   (2 events)
  PID 1852 wrote to memory of 2388     1852    msedge.exe    84   (repeated)
Processes
PID 1852  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39bc77b00aea164753da2f5b9611403_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of PID 1852:
    PID 1664  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718
    PID 4020  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    PID 3556  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    PID 2388  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
    PID 2932  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    PID 3972  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    PID 5056  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8
    PID 2288  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    PID 2504  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
    PID 3832  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
    PID 5116  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    PID 2452  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
    PID 3624  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18001001868763858241,8478936064532685625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses
PID 964   C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 4220  C:\Windows\System32\CompPkgSrv.exe -Embedding
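Every signature in this report fires on msedge.exe or identity_helper.exe, and the WriteProcessMemory events are the browser process (PID 1852) writing into the children it launched (crashpad handler, GPU process, network and storage services), which is what a Chromium-based browser does on every start. The report shows nothing about what the HTML itself did inside the renderer, so the question an analyst actually wants answered is whether any process, write target or registry reader falls outside the browser's own tree. The script below is an added example, not part of the sandbox report or any vendor tool: it parses the page's own Processes, WriteProcessMemory and registry entries (copied here as constructed sample input, with the long --gpu-preferences and --field-trial-handle strings dropped) and applies that check. The allow-listed directories, the list of sandbox-disabling flags, the BIOS key match and the severity labels are assumptions chosen for this example.

```python
"""Triage a flattened sandbox report: is every "suspicious" event attributable
to the browser's own process tree, or does something fall outside it?

Added example. Sample lines are copied from the report on this page; the
allow-list, flag list and severity labels are assumptions for the example."""
import ntpath
import re
from collections import Counter

# Constructed from this page's Processes section (PIDs and images are the
# report's own; long flag strings are omitted).
PROCESSES = r"""
1852 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39bc77b00aea164753da2f5b9611403_JaffaCakes118.html
1664 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler
4020 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process
3556 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none
2388 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility
2932 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-v8-untrusted-code-mitigations
2288 "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none
3624 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled
964 C:\Windows\System32\CompPkgSrv.exe -Embedding
"""

# Constructed from the WriteProcessMemory table, one line per event (the
# report repeats each parent->child pair many times).
WPM_LINES = """
PID 1852 wrote to memory of 1664 1852 msedge.exe 81
PID 1852 wrote to memory of 1664 1852 msedge.exe 81
PID 1852 wrote to memory of 4020 1852 msedge.exe 82
PID 1852 wrote to memory of 4020 1852 msedge.exe 82
PID 1852 wrote to memory of 3556 1852 msedge.exe 83
PID 1852 wrote to memory of 2388 1852 msedge.exe 84
"""

# Constructed from the "Enumerates system info in registry" table.
REGISTRY_LINES = r"""
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
"""

# Assumptions for this example: where a clean Edge launch may load images from,
# which flags mean a child runs without its Chromium sandbox, and the BIOS key
# behind the registry signature (the same key VM-detection code reads).
BROWSER_DIR = r"c:\program files (x86)\microsoft\edge\application"
SYSTEM_DIR = r"c:\windows\system32"
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}
SANDBOX_OFF_FLAGS = ("--service-sandbox-type=none", "--disable-gpu-sandbox", "--no-sandbox")
BIOS_KEY = r"\registry\machine\hardware\description\system\bios"

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
REG_RE = re.compile(r"^(Key opened|Key value queried) (\S+) (\S+)$", re.MULTILINE)


def parse_processes(text):
    """Map pid -> (image path, argument string) from 'pid "image" args' lines."""
    procs = {}
    for line in text.strip().splitlines():
        pid, rest = line.split(maxsplit=1)
        if rest.startswith('"'):                     # quoted image path
            end = rest.index('"', 1)
            image, args = rest[1:end], rest[end + 1:].strip()
        else:                                        # unquoted path without spaces
            image, _, args = rest.partition(" ")
        procs[int(pid)] = (image, args)
    return procs


def parse_wpm(text):
    """Count (source pid, target pid) pairs from the WriteProcessMemory IoCs."""
    return Counter((int(s), int(t)) for s, t, _ in WPM_RE.findall(text))


def parse_registry(text):
    """Return (action, key, process) tuples from the registry IoC table."""
    return REG_RE.findall(text.strip())


def expected_image(image):
    """True if the image sits in the browser install tree or in System32."""
    d = ntpath.dirname(image).lower()
    return d.startswith(BROWSER_DIR) or d == SYSTEM_DIR


def triage(procs, writes, reg):
    """Return (severity, message) findings; 'high' means outside the browser's own tree."""
    findings = []
    for pid, (image, args) in sorted(procs.items()):
        if not expected_image(image):
            findings.append(("high", f"pid {pid}: image outside browser/system dirs: {image}"))
        off = [f for f in SANDBOX_OFF_FLAGS if f in args]
        if off:
            findings.append(("info", f"pid {pid}: {ntpath.basename(image)} runs with {' '.join(off)}"))
    for (src, dst), n in sorted(writes.items()):
        if dst not in procs:
            findings.append(("high", f"pid {src} wrote {n}x into pid {dst}, which is not in the process tree"))
        elif not expected_image(procs[dst][0]):
            findings.append(("high", f"pid {src} wrote {n}x into non-browser pid {dst}"))
    for action, key, proc in reg:
        if key.lower().startswith(BIOS_KEY):
            sev = "low" if proc.lower() in BROWSER_IMAGES else "high"
            findings.append((sev, f"{proc}: {action.lower()} {key}"))
    return findings


def triage_report(procs_text=PROCESSES, wpm_text=WPM_LINES, reg_text=REGISTRY_LINES):
    return triage(parse_processes(procs_text), parse_wpm(wpm_text), parse_registry(reg_text))


if __name__ == "__main__":
    for sev, msg in triage_report():
        print(f"[{sev}] {msg}")
```

On this report the script yields no "high" finding: three "low" entries for the BIOS reads by msedge.exe, and three "info" entries for the unsandboxed network service, the unsandboxed identity_helper.exe and the second GPU process started with --disable-gpu-sandbox. The same code escalates as soon as a write target is missing from the tree or an image is loaded from a user-writable path, which is the signal that would distinguish a drive-by payload from browser start-up noise.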
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: ce4c898f8fc7601e2fbc252fdadb5115
SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Filesize: 152B
MD5: 4158365912175436289496136e7912c2
SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Filesize: 5KB
MD5: 63e040bbb914f390b69866927471ceba
SHA1: 1e55083d7595d0eec1012fb04ea501b29b74b0bc
SHA256: 40d34a3f2d1c512af258bf9f620152bda24225950ec3184b3fb3f09cbf5464e3
SHA512: d191d0d09b588b898d4cd8ca896df1313dd5a7059a40432062f569a69559b8d063f18b0748975863b2c81bd188808ae2f5a7d5692f77c8d50a84771b8d1945a6

Filesize: 6KB
MD5: e43c1e140e9a2166ae95e39035611186
SHA1: 12a799ad881ccacb68c67d08157e11dfde50f8bc
SHA256: 11dd7497ac9766f558c15e7eff2364d2f05393868958698db88389088aa6906f
SHA512: a2d7e5990cc2615cdc0c2a4e3003b9eb1b51365ddbb2b0cd874f1a10f41537c03ed694db9ba6450160f2287f381120dbff803eecb472c0e103682f7515856608

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 8KB
MD5: e3105a3dceee25e418c911c2299c0d21
SHA1: 28be2b8f75f8114448ab0d1042cc577d1021fa1c
SHA256: a91cb46da30ca97d50418168f645ba52eb06399f1d2c4b968b19ae7da99f61be
SHA512: c917ca5398f0e731d53af71a5de9feae39343d9d7dcce1077ed0fc87d320bd6eb671f02638dded96dee4317544d67670f606aba0ddbbe3cf35e4a191560739fb