Analysis
- max time kernel: 145s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 06:25

Static task: static1

Behavioral task: behavioral1
- Sample: a43067fa6d6d955e7f04c3c0356e8778_JaffaCakes118.html
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: a43067fa6d6d955e7f04c3c0356e8778_JaffaCakes118.html
- Resource: win10v2004-20240611-en

General
- Target: a43067fa6d6d955e7f04c3c0356e8778_JaffaCakes118.html
- Size: 33KB
- MD5: a43067fa6d6d955e7f04c3c0356e8778
- SHA1: dfd2b82fa1673e0909cba38c4288b28e152eaa48
- SHA256: b6ddb6b71c2b54342aac6806cbea8168c4351813665b0d41f6fa0f9d196d0655
- SHA512: 2be415671c5e2878f1e0cbf2071f62920c4b3bfd61d3c7253c894395a500526a44b7935b7e1e4d0f97f8487d09175b3d641f41dc62da57371a1c2cb570bf648d
- SSDEEP: 768:9dwDqv/oOH/HAQgQWIAnHaFAhb+fHx6jh1iksqzNnNBb:9dee/oOH/HAfKAn61Hxoh1iksqBnNBb
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 744 msedge.exe, 744 msedge.exe, 3848 msedge.exe, 3848 msedge.exe, 3052 identity_helper.exe, 3052 identity_helper.exe, 4600 msedge.exe, 4600 msedge.exe, 4600 msedge.exe, 4600 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process: 3848 msedge.exe, 3848 msedge.exe, 3848 msedge.exe, 3848 msedge.exe, 3848 msedge.exe, 3848 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
PID 3848 (level 1): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43067fa6d6d955e7f04c3c0356e8778_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID 3252 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4c1a46f8,0x7ffc4c1a4708,0x7ffc4c1a4718
  PID 772 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  PID 744 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  PID 1148 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  PID 2056 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  PID 1460 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  PID 4008 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  PID 456 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  PID 4360 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  PID 3052 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  PID 5052 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  PID 3504 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  PID 4600 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,18161790765720180844,11845769803834066993,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
PID 404 (level 1): C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 4768 (level 1): C:\Windows\System32\CompPkgSrv.exe -Embedding
MITRE ATT&CK Enterprise v15
Downloads