Analysis

max time kernel:  145s
max time network: 142s
platform:         windows10-2004_x64
resource:         win10v2004-20240611-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted:        13-06-2024 06:25
Static task: static1

Behavioral task: behavioral1
  Sample:   a4315e30285ad13c85e3b3cf9f48e9ed_JaffaCakes118.html
  Resource: win7-20240220-en

Behavioral task: behavioral2 (the run reported on this page; it matches the platform and resource listed above)
  Sample:   a4315e30285ad13c85e3b3cf9f48e9ed_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General

Target: a4315e30285ad13c85e3b3cf9f48e9ed_JaffaCakes118.html
Size:   254B
MD5:    a4315e30285ad13c85e3b3cf9f48e9ed
SHA1:   c77271e7e349a4b96ba8b664ae773faa4e036320
SHA256: 0697d57903bb4bc243d1cc922984f7e1b38454361683b14845dacb7fc7a42573
SHA512: c8a2d11596f6fbddebd8263a4be1c627577257c2576e2595056e895e61639907277e1de52dc74e6a5eb4d7df3a161bd41d7762b026795552aa8196d12ea57cf6
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Note: the process reading these values is the browser, not code from the 254-byte HTML sample. Chromium's base library reads SystemManufacturer and SystemProductName from this key to report the machine's hardware model, so on a browser run this signature is expected background noise. The same two values are what VM-detection code typically checks, which is why the rule exists; the process column is what separates the two cases.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              events
  220   msedge.exe           2
  4988  msedge.exe           2
  2168  identity_helper.exe  2
  4676  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     events
  4988  msedge.exe  6
  Note: the name refers to process creation with the mitigation that blocks loading of binaries not signed by Microsoft. Chromium applies that mitigation to the child processes it launches, so six such creations by the browser process are consistent with it starting its own children.

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     events
  4988  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     events
  4988  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   process     procid_target
  PID 4988 wrote to memory of 2080   4988  msedge.exe  84
  PID 4988 wrote to memory of 4712   4988  msedge.exe  86
  PID 4988 wrote to memory of 220    4988  msedge.exe  87
  PID 4988 wrote to memory of 224    4988  msedge.exe  88
  (64 events in total, repeated writes to the same four targets. Every target is an Edge child of pid 4988 in the process tree below: 2080 is the crashpad handler, 4712 the GPU process, 220 the network service utility and 224 the storage service utility. A Chromium browser process writing into children it has just launched is how its sandbox broker sets them up; a write into a process with a different image, or one absent from the tree, would be the case worth following up.)
Processes

PID 4988  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4315e30285ad13c85e3b3cf9f48e9ed_JaffaCakes118.html
          signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 2080  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9db446f8,0x7ffa9db44708,0x7ffa9db44718

  PID 4712  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

  PID 220   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
            signatures: Suspicious behavior: EnumeratesProcesses

  PID 224   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

  PID 4636  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  PID 4980  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  PID 4560  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

  PID 1168  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

  PID 2168  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
            signatures: Suspicious behavior: EnumeratesProcesses

  PID 2208  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

  PID 4952  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

  PID 4380  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

  PID 4676  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,125567915167395078,14513232819830241078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 /prefetch:2
            signatures: Suspicious behavior: EnumeratesProcesses

PID 3112  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4984  C:\Windows\System32\CompPkgSrv.exe -Embedding
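The WriteProcessMemory table and the process tree above are easier to judge together: every target pid the browser process (4988) wrote to should be one of its own Edge children, and the child command lines say which of those children run with a reduced or disabled sandbox (--service-sandbox-type=none on the network service and identity helper, --disable-gpu-sandbox on the relaunched GPU process, --no-v8-untrusted-code-mitigations on the renderers). The Python below is added here as an example; it is not part of the Triage report or of Edge. It parses a handful of rows copied from the flattened IoC table (constructed inline; the report's own table has 64 rows) and a shortened copy of the process tree, then applies both checks. The function and field names (parse_wpm, unexpected_writes, sandbox_notes, "n/a") are this example's own.

```python
"""Cross-check the WriteProcessMemory IoCs and the Edge child command lines."""
import re
from collections import Counter

# Constructed input: rows copied from the report's flattened WriteProcessMemory
# table above (a sample of its 64 rows, enough to show the shape).
WPM_TEXT = (
    "PID 4988 wrote to memory of 2080 4988 msedge.exe 84 "
    "PID 4988 wrote to memory of 2080 4988 msedge.exe 84 "
    "PID 4988 wrote to memory of 4712 4988 msedge.exe 86 "
    "PID 4988 wrote to memory of 4712 4988 msedge.exe 86 "
    "PID 4988 wrote to memory of 4712 4988 msedge.exe 86 "
    "PID 4988 wrote to memory of 220 4988 msedge.exe 87 "
    "PID 4988 wrote to memory of 224 4988 msedge.exe 88"
)

# Constructed input: pid -> (image, command line) from the process tree above,
# shortened to the flags that matter for the sandbox check.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
PROCESSES = {
    4988: ("msedge.exe", EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\a4315e30285ad13c85e3b3cf9f48e9ed_JaffaCakes118.html"),
    2080: ("msedge.exe", EDGE + " --type=crashpad-handler --monitor-self-annotation=ptype=crashpad-handler"),
    4712: ("msedge.exe", EDGE + " --type=gpu-process --mojo-platform-channel-handle=2120 /prefetch:2"),
    220: ("msedge.exe", EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    224: ("msedge.exe", EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    4636: ("msedge.exe", EDGE + " --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations"),
    4676: ("msedge.exe", EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=3092 /prefetch:2"),
    3112: ("CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
}

# One flattened row: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Collapse the repeated rows into {(writer_pid, target_pid): event_count}
    plus the image name seen for each writer pid."""
    edges = Counter()
    images = {}
    for m in WPM_ROW.finditer(text):
        writer, target, writer_again, image, _procid_target = m.groups()
        if writer != writer_again:  # the pid column must repeat the description's pid
            raise ValueError(f"inconsistent row: {m.group(0)}")
        edges[(int(writer), int(target))] += 1
        images[int(writer)] = image
    return edges, images


def unexpected_writes(edges, processes):
    """Writes whose target is not a process with the same image as the writer.
    A Chromium browser process writing into the children it has just launched is
    how its sandbox broker sets them up; a write into an unrelated image (or a
    pid missing from the tree) is what merits a closer look."""
    flagged = []
    for (writer, target), count in edges.items():
        writer_image = processes.get(writer, (None, None))[0]
        target_image = processes.get(target, (None, None))[0]
        if target_image is None or target_image != writer_image:
            flagged.append((writer, target, count))
    return flagged


def chromium_type(cmdline):
    """Chromium child type from --type=..., or 'browser' for the parent process."""
    m = re.search(r"--type=([\w-]+)", cmdline)
    return m.group(1) if m else "browser"


def sandbox_notes(cmdline):
    """Flags on a Chromium command line that weaken or remove a sandbox."""
    flags = set(cmdline.split())
    notes = []
    if "--no-sandbox" in flags:
        notes.append("sandbox disabled for this process")
    if "--disable-gpu-sandbox" in flags:
        notes.append("GPU process sandbox disabled")
    if "--service-sandbox-type=none" in flags:
        notes.append("utility service runs without a sandbox")
    if "--no-v8-untrusted-code-mitigations" in flags:
        notes.append("V8 untrusted-code mitigations off (expected when site isolation is on)")
    return notes


def summarize(processes):
    """pid -> image, Chromium process type and sandbox notes for the whole tree."""
    summary = {}
    for pid, (image, cmdline) in processes.items():
        summary[pid] = {
            "image": image,
            "type": chromium_type(cmdline) if image == "msedge.exe" else "n/a",
            "notes": sandbox_notes(cmdline),
        }
    return summary


if __name__ == "__main__":
    edges, images = parse_wpm(WPM_TEXT)
    for (writer, target), count in sorted(edges.items()):
        print(f"{images[writer]} {writer} -> {target}: {count} write(s)")
    print("unexpected writes:", unexpected_writes(edges, PROCESSES))
    for pid, info in summarize(PROCESSES).items():
        print(pid, info["image"], info["type"], "; ".join(info["notes"]))
```

On this report the write check comes back empty (all four targets are msedge.exe children of 4988), and the command-line check names the three unsandboxed or reduced-sandbox children without any of them being unusual for Edge 92 in a VM: the network service and identity helper run with --service-sandbox-type=none, the GPU process that relaunched after --use-gl=disabled runs with --disable-gpu-sandbox. Feeding the same functions a run where a browser process writes into a non-browser image, or where a renderer carries --no-sandbox, is what would turn these signatures from noise into a finding.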
Downloads

Filesize: 152B
MD5:    81e892ca5c5683efdf9135fe0f2adb15
SHA1:   39159b30226d98a465ece1da28dc87088b20ecad
SHA256: 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512: c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Filesize: 152B
MD5:    56067634f68231081c4bd5bdbfcc202f
SHA1:   5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256: 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512: c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Filesize: 6KB
MD5:    589e2bc1ed83c46ebfb40accd1580f96
SHA1:   d259abbfcdda371d76814ff8ee6ba8604ddcc137
SHA256: 35391497f6a54b3d2fa2c12622754ba0b32a9c561a2078b85001f0688abf0fce
SHA512: 24b1dbd0ffcc953703babb250b1ed1c490a2268fe563403b6fc115fe3f3a599c9aa8bd3801b8b005788a0f561dc31a751eba44ed0c9191196b03eaa743876a24

Filesize: 6KB
MD5:    035b60690ce33c51ae69b0c7809103d3
SHA1:   e75bd545c865e95c7efcf8510053d23a773f5350
SHA256: 13d6a8a757aa061666b10af4ee8f85e55f259a1c86e1ddc4f13c6082605c34b6
SHA512: 581b4fcacb60bf703009638e893b83c7da29840699054c6291821778f6a94970053a4b1f3a23b3b9735fff38560330249bd2200e37f1974207b62f04ec5634b4

Filesize: 16B
MD5:    6752a1d65b201c13b62ea44016eb221f
SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5:    503c9efbc071de5f8fd49535f2a81f54
SHA1:   d30b8c98c9d4220f377c7f9f3dcda4b2946e229b
SHA256: 2955b84d57d1bef694284bd491e2cde39913fc581f8652147a5abc9de65f3bda
SHA512: e9e7890496c1448bb77b6e1ac946b00d0e7b2c537ee1ba4c0b7f7fe497eb371e447e38b1bd0a1c6e99f4a0319cdffeb88de5f3a9af12a030b5003fc648aead55