Analysis
max time kernel: 145s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 06:18
Static task: static1
Behavioral task: behavioral1
  Sample: a42b0b426f29437ba59268bf6b2a9938_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a42b0b426f29437ba59268bf6b2a9938_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a42b0b426f29437ba59268bf6b2a9938_JaffaCakes118.html
Size: 27KB
MD5: a42b0b426f29437ba59268bf6b2a9938
SHA1: 143ce0a975a055e1e7283a794b38aa9a172c81f3
SHA256: ce183bc50cdfbdcec6e6168c405ccbc5c400cb205a39eb25c5ae4100a998dc44
SHA512: ffa44e84684c6ad62b973d8c48a5c4cc98bebaee5b81c1402f00eb4c7f1bb78532e92e26080d463acbcfd07e2e9efa302f705ca285fbeacd5109f1e0ac27be79
SSDEEP: 192:uqc37yb5nQGnQjxn5Q/fnQie+Nn0nQOkEnt1tnQTbnJnQ0CJVevo7NtpFo+NzQ4w:neQ/5ygcK4wX
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                      Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  1152  msedge.exe (2 hits)
  2492  msedge.exe (2 hits)
  4364  identity_helper.exe (2 hits)
  2172  msedge.exe (4 hits)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  2492  msedge.exe (6 hits)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2492  msedge.exe (25 hits)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2492  msedge.exe (24 hits)

Suspicious use of WriteProcessMemory (64 IoCs)
  source pid  Process     target pid  procid_target  events
  2492        msedge.exe  4616        81             2
  2492        msedge.exe  1152        83             2
  2492        msedge.exe  904         82             repeated writes; together with 1444 these account for the remaining 60 events
  2492        msedge.exe  1444        84             repeated writes (see above)

Reading note: every signature in this report fires on msedge.exe (plus its identity_helper.exe child), i.e. on the browser's own behaviour while it opens the HTML sample. Chromium-based browsers read the BIOS manufacturer/product values for hardware reporting, launch every child with the block-non-Microsoft-binaries process mitigation (which is what NtCreateUserProcessBlockNonMicrosoftBinary records), write into freshly created children as part of sandboxed process start-up, and query the shell tray window for taskbar handling. None of these entries shows activity outside the Edge process family, so on their own they do not attribute malicious behaviour to the HTML file; that judgement has to come from the page content or from network activity, and the Network section of this report carries no entries.
Processes

[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2492)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42b0b426f29437ba59268bf6b2a9938_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 904)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1152)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1444)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3952)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4332)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1624)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4364)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2720)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4100)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4232)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2020)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2172)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13448914455969944106,2004455612954260683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

[1] C:\Windows\System32\CompPkgSrv.exe (PID 3700)
    C:\Windows\System32\CompPkgSrv.exe -Embedding

[1] C:\Windows\System32\CompPkgSrv.exe (PID 748)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
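The WriteProcessMemory signature above lists one row per call, which is why a plain Edge launch produces 64 IoCs, and the process tree is where the meaning of each target PID lives. The following added example (not part of the sandbox report, nor code from Triage or Microsoft Edge) shows the triage step a practitioner applies to such a report: collapse the per-call rows into one row per parent/child pair and label each child by the --type, --utility-sub-type and --service-sandbox-type flags in its command line, so that writes into the Chromium process family read as launch plumbing and a write into anything else, or into a PID missing from the tree, is flagged for review. The rows and command lines are a constructed subset of this report's data (command lines abbreviated); the WPM_ROWS and PROCESS_TREE inputs and the chromium_role, collapse_wpm and summarize names are the example's own.

```python
import re
from collections import Counter

# Constructed input: a subset of the report's "Suspicious use of
# WriteProcessMemory" rows, in the sandbox's flattened
# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>" form.
WPM_ROWS = [
    "PID 2492 wrote to memory of 4616 2492 msedge.exe 81",
    "PID 2492 wrote to memory of 4616 2492 msedge.exe 81",
    "PID 2492 wrote to memory of 904 2492 msedge.exe 82",
    "PID 2492 wrote to memory of 904 2492 msedge.exe 82",
    "PID 2492 wrote to memory of 904 2492 msedge.exe 82",
    "PID 2492 wrote to memory of 1152 2492 msedge.exe 83",
    "PID 2492 wrote to memory of 1152 2492 msedge.exe 83",
    "PID 2492 wrote to memory of 1444 2492 msedge.exe 84",
    "PID 2492 wrote to memory of 1444 2492 msedge.exe 84",
]

# Constructed subset of the report's process tree: pid -> command line
# (abbreviated; only the flags the classifier reads are kept).
PROCESS_TREE = {
    2492: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html',
    4616: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:7',
    904:  r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2140 /prefetch:2',
    1152: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3',
    1444: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8',
    3700: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
}

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
FLAG_RE = re.compile(r"--(type|utility-sub-type|service-sandbox-type)=(\S+)")


def chromium_role(cmdline):
    """Describe a process by its Chromium launch flags.

    No --type flag means either the browser (parent) process or a process
    that is not part of the Chromium family at all."""
    flags = dict(FLAG_RE.findall(cmdline))
    if "type" not in flags:
        return "browser" if "msedge.exe" in cmdline.lower() else "non-chromium"
    role = flags["type"]
    if "utility-sub-type" in flags:
        role += "/" + flags["utility-sub-type"]
    if "service-sandbox-type" in flags:
        role += f" (sandbox={flags['service-sandbox-type']})"
    return role


def collapse_wpm(rows):
    """Count write events per (source pid, target pid, source image)."""
    counts = Counter()
    for row in rows:
        m = ROW_RE.search(row)
        if not m:
            continue  # skip rows the page extractor mangled
        src, dst, image, _procid_target = m.groups()
        counts[(int(src), int(dst), image)] += 1
    return counts


def summarize(rows, tree):
    """One record per parent->child pair, annotated with the child's role.

    A target that is absent from the tree or outside the Chromium family is
    marked for review; writes into the browser's own children are the normal
    sandboxed-process start-up sequence and are left unmarked."""
    out = []
    for (src, dst, image), n in sorted(collapse_wpm(rows).items(), key=lambda kv: kv[0][1]):
        role = chromium_role(tree[dst]) if dst in tree else "UNKNOWN (not in tree)"
        out.append({
            "src": src, "dst": dst, "image": image, "events": n, "dst_role": role,
            "review": role.startswith("UNKNOWN") or role == "non-chromium",
        })
    return out


if __name__ == "__main__":
    for r in summarize(WPM_ROWS, PROCESS_TREE):
        status = "REVIEW" if r["review"] else "ok"
        print(f"{r['src']} -> {r['dst']:5d} x{r['events']:2d}  {r['dst_role']:55s} {status}")
```

Run as written, the nine constructed rows collapse to four parent/child pairs, all msedge.exe children with a recognisable --type, so none is marked for review; feeding it a row whose target PID does not appear in the tree is the case that gets flagged.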
Network
MITRE ATT&CK Enterprise v15
Downloads (dropped files; the report lists hashes only, no paths)

File 1
  Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

File 2
  Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

File 3
  Filesize: 5KB
  MD5: c655c58bf18554b9e009896a7065ca90
  SHA1: 82c25d8bc3c701dca5d0b0a11aae2230cbc3baab
  SHA256: b4b5ae33ee817119d4b965a3b74d82b8e9bec3d8e5b4ba53f7c6c01b3351d558
  SHA512: 8c06163aadd633b0c88d37036b7ae841d2e1e624a7a6caf2afdb370af6948f557040412133b15ff60fd88cd052da321ae24babd756828b4405d06b9cf7696c95

File 4
  Filesize: 5KB
  MD5: e35116d03f9f7cf904e606508fa6ef41
  SHA1: e2cbe83009bdb40f8edf44754c7c8a6261e6f568
  SHA256: 63e7280ace87df45cb062c3e5a950e69c9bbc3ea639d9606c9322e831a83968a
  SHA512: 57fcd2a6b7fab94f210e9c0f7ee81aca4cda791aeffea433523659227d9a178b751aa60df8fef583922044f1cddc0cd1b22bf67814c40229f56fc121c7866176

File 5
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File 6
  Filesize: 8KB
  MD5: 3f47564ab909b6d6293291e9ac41ac51
  SHA1: cd22f50d71241ec39859206bc705c6dfd82eaace
  SHA256: d9decf2df39a94feaf819ec6cf7be0fc9fadea9fe3b7cfc9fe0dca4582a12a8e
  SHA512: c680183acae7fd16bbcab4c4bc6771eb016b877c8641500628bae5513ccfc31eee9a846a1daece9c0a0aa49780b8cbf8de45933a05870d68f7ecaf23c6cbb8ed