Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 13-06-2024 06:17
Static task: static1
Behavioral task: behavioral1
- Sample: a429ef2898a5c951f3b7104985e86273_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a429ef2898a5c951f3b7104985e86273_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: a429ef2898a5c951f3b7104985e86273_JaffaCakes118.html
- Size: 28KB
- MD5: a429ef2898a5c951f3b7104985e86273
- SHA1: b45862db0098ac5a138ec5647462d574b9aae733
- SHA256: fb416ef4f009e40796b4122eeeb89ba121045d681287dba2ddbf28d2c6886083
- SHA512: 3eabd182aaf8f337cbffe712a74ab860b5fd6bf8a40b0f491f2d9dbce53ac32e5ab2a584e49f4e73ccfb1ff24ab20dac785e7485185431d08476fec54aaccca1
- SSDEEP: 768:S4zdsFqvfudlQVV1C5m1CCCcmzm3C/CnCQGUyrzB9njz2:SOdsFqvfug1C5m1CCCcmzm3C/CnCQKrK
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1520 | msedge.exe (2 rows)
  968 | msedge.exe (2 rows)
  2228 | identity_helper.exe (2 rows)
  1888 | msedge.exe (4 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  968 | msedge.exe (6 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  968 | msedge.exe (25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  968 | msedge.exe (24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 968 wrote to memory of 3752 | 968 | msedge.exe | 82
  PID 968 wrote to memory of 4396 | 968 | msedge.exe | 83
  PID 968 wrote to memory of 1520 | 968 | msedge.exe | 84
  PID 968 wrote to memory of 3712 | 968 | msedge.exe | 85
  (each of these rows repeats in the table; 64 entries in total)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 968)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a429ef2898a5c951f3b7104985e86273_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3752)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3704)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1888)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9902845707021755285,16959541529417336295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4368 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 768)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1920)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads