Analysis

max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted: 13-06-2024 05:47

Static task: static1

Behavioral task: behavioral1
  Sample: a40e79088e35862276d216609b5c2ecf_JaffaCakes118.html
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample: a40e79088e35862276d216609b5c2ecf_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General

Target: a40e79088e35862276d216609b5c2ecf_JaffaCakes118.html
Size: 87KB
MD5: a40e79088e35862276d216609b5c2ecf
SHA1: 1a22dd256938802896191e1669f8862c8d2de920
SHA256: 4ca8de1e189af41b9ebb6efe7f0486265cd3f8b6a7a76af0d219cdafbfa5868e
SHA512: 86ea7a5c4d45bb8c88f48aad64c17850aabf39a65185d903f44e6aa208f25055ebb6f2177d80f7eccdef5a43b2dd5bfb430e38b8fd698a6d93d943d07e8bacdc
SSDEEP: 1536:ft5o6K3+q1ZUEm9DH9e1FzWm018/LdFDFIsQkEd8jOA4WQI4HVTqw2EMWYBrvGED:ejE18vxSwOA4WQI4HVTqBEMpo+DYGSe
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
- PID 2284 msedge.exe (2 entries)
- PID 3404 msedge.exe (2 entries)
- PID 2172 identity_helper.exe (2 entries)
- PID 3712 msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- PID 3404 msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 3404 msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3404 msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 3404 (msedge.exe) wrote to memory of PID 4088, procid_target 81 (2 entries)
- PID 3404 (msedge.exe) wrote to memory of PID 3292, procid_target 82 (40 entries)
- PID 3404 (msedge.exe) wrote to memory of PID 2284, procid_target 83 (2 entries)
- PID 3404 (msedge.exe) wrote to memory of PID 4860, procid_target 84 (20 entries)
Processes

msedge.exe (PID 3404)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a40e79088e35862276d216609b5c2ecf_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    msedge.exe (PID 4088)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a24f46f8,0x7ff9a24f4708,0x7ff9a24f4718

    msedge.exe (PID 3292)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

    msedge.exe (PID 2284)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 4860)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

    msedge.exe (PID 1992)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

    msedge.exe (PID 1216)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

    identity_helper.exe (PID 1484)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8

    identity_helper.exe (PID 2172)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 112)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

    msedge.exe (PID 3704)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

    msedge.exe (PID 464)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

    msedge.exe (PID 2408)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

    msedge.exe (PID 3712)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10102337265630555093,1044374014170859389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 3296)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 4836)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: dabfafd78687947a9de64dd5b776d25f
SHA1: 16084c74980dbad713f9d332091985808b436dea
SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Filesize: 152B
MD5: c39b3aa574c0c938c80eb263bb450311
SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Filesize: 182B
MD5: 21288b4d9c0c0113b527ea64b5388e34
SHA1: 634686f9842986ab0a3419eda6aa8f70f9c388cc
SHA256: 4c7d2bb7f631e4d60278030e90bba17d19e024ba27d9b3e980587f3525561788
SHA512: 45cb5e6cac3cff3a39b3e7f14c3b7eca0003c69218d69a8426e7cb843ac87dcfcf5e8e2149da337265a8ad2aa9d899956686a7dc569875dfe33efbbc3ee50d71

Filesize: 6KB
MD5: 49d1ca07cf79db9d1171a71a1987a3cd
SHA1: 09dacf25b70da031ebb6d254b0789d37fdbd7f5c
SHA256: 8d561b590d60f57c4a381ecb7c5269f5ab11623b737c33939d9d0fffbb9f77d6
SHA512: 9f3e728a520776a9f2ca2eac675e39333447b5fdb795ba9f17906fe83d8475a45001eb3ec6d2862549ad3c0be051eae858fa387d1995b8a41fe2c252a6dc7c41

Filesize: 6KB
MD5: ff9d4fc1b30122a2781f7dad77cc7557
SHA1: 1694152927742647d14d56612ca752518667dfcf
SHA256: dc1cf1c533193e0cb309b9a1d7afa827d6be97dc57cb493f889c2ea2c5b8a485
SHA512: b7c47e36e77ea782f357fe6a818b0a32cd4e90c21d53f2ff3b01628c763597cc20bb819c8317b07bf7539dd4ef77ba42197de6d7486310a9c4fcbda4275068ef

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 53c64194f860463df59846e686a1dc00
SHA1: 0250e0d87fbc771287a9d8a721085b0bfe154074
SHA256: ef2b4d70c49e22955db7b0080596441aa9db1f64f0ce07c53c2194069c0576b8
SHA512: 3247e5f88ed39d47de1e19b1844b639b1f6083f4d58fb9f798d2d64fc03f16d9dbe9de3abb39eb0751d3f90b844ecd30c660206ed8b209df73fa7caf467c0612