Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 06:26
Static task: static1
Behavioral task: behavioral1
  Sample: a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
Size: 17KB
MD5: a43190d2401ce9936d7ac6592698d771
SHA1: ac308ffe5c48a650e4d7d52680f1bd0cbbcdb131
SHA256: 6ae501373dab23e73eb0195ada99a10d75424134b35d54b515ba4d182749fa90
SHA512: 35aa7d95f35245f3005c4c654e751dcd4a1c4ed62e7f630753f70b7de3812b44474677bc89b5c5c5743a4662fbdd1ef8e66074d8704efd6e4df07b95578db755
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIV4fzUnjBhZT82qDB8:SIMd0I5nvHhsvZIxDB8
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                 Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  4268  msedge.exe  (2 entries)
  2544  msedge.exe  (2 entries)
  4060  msedge.exe  (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  2544  msedge.exe  (2 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2544  msedge.exe  (25 entries, all identical)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2544  msedge.exe  (24 entries, all identical)
Suspicious use of WriteProcessMemory (64 IoCs; distinct rows shown, the remaining entries repeat these four rows)
  description                       pid   Process     procid_target
  PID 2544 wrote to memory of 1800  2544  msedge.exe  82
  PID 2544 wrote to memory of 4736  2544  msedge.exe  83
  PID 2544 wrote to memory of 4268  2544  msedge.exe  84
  PID 2544 wrote to memory of 4420  2544  msedge.exe  85
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2544)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1800, crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabdd646f8,0x7ffabdd64708,0x7ffabdd64718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4736, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4268, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4420, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4436, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 416, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4060, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4316)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1168)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads