Analysis
max time kernel: 147s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 07:32
Static task: static1
Behavioral task: behavioral1
  Sample: a4710045b2670a99123fd9842981f31b_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a4710045b2670a99123fd9842981f31b_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a4710045b2670a99123fd9842981f31b_JaffaCakes118.html
Size: 60KB
MD5: a4710045b2670a99123fd9842981f31b
SHA1: c68405dbaa19ab2e08ca8d7ccef913dc94a95587
SHA256: 3b2ef5a54283f6f9a428686a087b4aa723ad246732c5821cf5634ab0277a1d36
SHA512: b86af289a293624aa72e9cec308ae52878aadb83bad16a7901c61a6a778f7465961dba5e7ad787a7914eb5cfb58bb0b09d7f5188f820723777cf9966a77152c4
SSDEEP: 1536:7mvXvVyIoN7+dnuiWZMYm3x+9VHhaBxpVdjhv/xmIxcF9eG3ihwj:qfJEM5kjHhaXv5ng
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process
3764  msedge.exe  (2 entries)
4400  msedge.exe  (2 entries)
4472  msedge.exe  (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
4400  msedge.exe  (3 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
4400  msedge.exe  (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4400  msedge.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                         pid   Process     procid_target
PID 4400 wrote to memory of 740     4400  msedge.exe  81
PID 4400 wrote to memory of 4916    4400  msedge.exe  83
PID 4400 wrote to memory of 3764    4400  msedge.exe  84
PID 4400 wrote to memory of 4532    4400  msedge.exe  85
(the 64 listed IoCs are repeats of these four rows; the 740 and 3764 rows appear twice each, the 4916 and 4532 rows account for the remainder)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4400)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4710045b2670a99123fd9842981f31b_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 740)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ec6f46f8,0x7ff8ec6f4708,0x7ff8ec6f4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4916)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3764)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4532)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3876)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1556)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2984)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4472)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12833928839408808003,51115268826399516,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 2688)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4428)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: dabfafd78687947a9de64dd5b776d25f
SHA1: 16084c74980dbad713f9d332091985808b436dea
SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Filesize: 152B
MD5: c39b3aa574c0c938c80eb263bb450311
SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 2KB
MD5: 5b2e8ea010d72d7d81d4cc1cf75fbcf0
SHA1: 5c1e7f484ea94c337f30ba07d42ee6c62d578a0f
SHA256: 583fee45464b03de1c16ee11d2a7e94f33183ef5129c936f49584d39fbef25dc
SHA512: f24f9a81bf9fdf4847ea02f6f84fde6d4d6f58131ec3dd3c56c06f361a4838a2666cce9981c0509d9919d2fad6f6aaeebb01d0aed6d8c1e487c2d290bcff3e95

Filesize: 111B
MD5: 807419ca9a4734feaf8d8563a003b048
SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Filesize: 6KB
MD5: fce1ef220bc019ac2abd1a97529ab92f
SHA1: f1c5a1cba30b0d137d6bb862abf45afcb9de80af
SHA256: 5e3aed43b356527df44ea0f73031aee736b9d1487883f34cb6117b04d6bdb3ea
SHA512: 668b282c01a166fc086edcfb1b1d8ecf5dce863f8a36a5871a2de906feb8547572eb483f291b045b78a6bac6c7940a6fdaf461aa84b1ae34d9755eb35276b194

Filesize: 7KB
MD5: 174c004bfdd78da75761e0cd71e2c825
SHA1: 50311a8681692a2b0221264b42b1a9a68d594d98
SHA256: 05ad6bb01a572a477cd02baedc7013f830a18a48c561097c3cf562eac6a6a0e9
SHA512: 03b46941fbe5f6b86f2ef335bd45c9697e73367e184148051ed7c90336a81cccd9ba56138038c631a267b1926b6075ab73db30dd5e147b1f26199c59a9853b3f

Filesize: 6KB
MD5: 99a28175d1a893216c2a40b18169fa71
SHA1: 5dad3f500f974588a8ebcba50fd83f5149553646
SHA256: e251d8caed23fbcc08daae1799a42213ac64961e884fe5cc7db4feaeffbb1a1d
SHA512: 8566e01f23c399d7d514840a8576ab6d3e70e859462dab53eb6ba75f7d957248a8466b8960623b30b20dfeba3a26e561e549b87d5a06543d9417e5b1c37efd23

Filesize: 1KB
MD5: b01cb6b728e1f34938919e7c2f2ed772
SHA1: 20efada003eb129ebe9db5b72347df7b90ef7ec1
SHA256: 411777102efe84acf0ffeb42c3d0faa6ce15359ad05a27e1ea181f780365b23c
SHA512: 8d1189935a7f3ba9113fa340b99c786f74b3c7f45ea62b89555fd3d23b9ce5aa099c38d12a09b89b7975da62031816488623e6be752f099e27546a201a3e3730

Filesize: 707B
MD5: 8ee8b0edbe2feac81e7c185ccb321278
SHA1: c934c15350ca5959f993aaa7bf228e2094b73bb9
SHA256: ab4e5b4d33f2875bab6d879994a071ae27a2b35f6a9a5df51d4ed98d84b8768f
SHA512: def181d04b0a1af354e7f488e2d8d93dabc1da27131eb3fef9ad225aafa0a675ee5e6636dccabf331af9c1594035cb62eb2e821a9c938d53f8da841aac2cae1e

Filesize: 11KB
MD5: 14dc82f14c5a8e74382ca3674b5ca0ac
SHA1: 7dc3ac359c1da7c9bfaa46ede6a6b7ab8baee527
SHA256: a0fa30286c9746dc072639db18664870148f7e248772ebdf69a73012aa46e16b
SHA512: 89a31b861bb83ddcf1977ca1b190d6fa58d0e26494f981fd4ba1b413c023b7ace558ff13ff0b91749a663b8f32fe8cb3287ed6fc0801dd379b0355bf40310079