Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 07:31
Static task: static1
Behavioral task: behavioral1
  Sample: a47049b1014c584a73dada82ec8a284f_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a47049b1014c584a73dada82ec8a284f_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a47049b1014c584a73dada82ec8a284f_JaffaCakes118.html
Size: 52KB
MD5: a47049b1014c584a73dada82ec8a284f
SHA1: ec7a0e058582ff7a45a8f4e2307281abd892d67a
SHA256: 8dda46bd66ceaab922d64fa9f991ce1fcf630ca1e183514df4496bf034d27a59
SHA512: 89a9c1a25e56c933780c32b0f6367bec65bbc91e50c3708683c9ea855b19e7f941994cbb537c30920a3a07d77c7502b42e72b40bd30facc6b4025eea93d515c1
SSDEEP: 1536:x/GNM5k9L9PBjwpRnj53XvbItvf13LbmtQXLWgag4z:x/95k9VBw1j53XvbItvf13LbmtQXLc
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process
2956   msedge.exe
2956   msedge.exe
1904   msedge.exe
1904   msedge.exe
4288   identity_helper.exe
4288   identity_helper.exe
2792   msedge.exe
2792   msedge.exe
2792   msedge.exe
2792   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid    Process
1904   msedge.exe
1904   msedge.exe
1904   msedge.exe
1904   msedge.exe
1904   msedge.exe
1904   msedge.exe
1904   msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs, all from PID 1904 msedge.exe)
Suspicious use of SendNotifyMessage (24 IoCs, all from PID 1904 msedge.exe)
Suspicious use of WriteProcessMemory (64 IoCs, all from PID 1904 msedge.exe writing to its child processes)
Processes (indentation shows tree depth)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47049b1014c584a73dada82ec8a284f_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1904

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf84646f8,0x7ffdf8464708,0x7ffdf8464718
      PID: 2976

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
      PID: 884

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID: 2956

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
      PID: 3700

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      PID: 4036

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      PID: 2380

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
      PID: 1360

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
      PID: 4224

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
      PID: 1196

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
      PID: 4192

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 4288

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
      PID: 4964

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
      PID: 4368

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5536 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 2792

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 832

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4796
Network
MITRE ATT&CK Enterprise v15
Downloads