Analysis
max time kernel: 145s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 07:35

Static task: static1
Behavioral task: behavioral1
  Sample: a47398ae7f85b35dee2d46b12f9b3612_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a47398ae7f85b35dee2d46b12f9b3612_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a47398ae7f85b35dee2d46b12f9b3612_JaffaCakes118.html
Size: 460KB
MD5: a47398ae7f85b35dee2d46b12f9b3612
SHA1: dbdcee6734688a0836199cd5ee7b853a178aca6e
SHA256: dfe90504702933a551362c211a5a147cf35d0754fa2760962bcd748ae5687df9
SHA512: 4d8f9c0415dc03ff29f4014e20c514a528f3b21064f87dca817bf6ee4e242ff1b7fa3d5c3b8b08fe0480eaef770df0b2681ddd18f27b1d76e68a68b624a56d57
SSDEEP: 6144:SbsMYod+X3oI+YusMYod+X3oI+Y/sMYod+X3oI+YLsMYod+X3oI+YQ:Q5d+X365d+X395d+X315d+X3+
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4892 | msedge.exe (2 entries)
1892 | msedge.exe (2 entries)
3164 | identity_helper.exe (2 entries)
3140 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
1892 | msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
1892 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1892 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; the four distinct rows below total 64 entries)
description | pid | Process | procid_target
PID 1892 wrote to memory of 4196 | 1892 | msedge.exe | 82 (2 entries)
PID 1892 wrote to memory of 2912 | 1892 | msedge.exe | 84 (repeated)
PID 1892 wrote to memory of 4892 | 1892 | msedge.exe | 85 (2 entries)
PID 1892 wrote to memory of 2288 | 1892 | msedge.exe | 86 (repeated)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1892)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47398ae7f85b35dee2d46b12f9b3612_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4196)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0d7546f8,0x7ffc0d754708,0x7ffc0d754718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2288)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3108)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 4996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 3164)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2748)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3140)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,7962427102757256729,14337984810317834869,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2684 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID: 1388)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID: 1820)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1: 86174e670c44767c08a39cc2a53c09c318326201
SHA256: e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512: a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Filesize: 152B
MD5: b704c9ca0493bd4548ac9c69dc4a4f27
SHA1: a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256: 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512: 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Filesize: 6KB
MD5: 9e07ac9e5de9c13de255c4e4c761e6c8
SHA1: 05ebea2404d85f79212c627d42467a05e9dc5a04
SHA256: 070306cb31b02281b5ebce8fe51f1fde1584ba40e7b4a2ef7c4e86fe4682855d
SHA512: 8168ff0f5ca26271286070e7847709eb132ec090691f048bd3fad2b753524bb6221354dfb6f60a4fdd78ee0978ff8e78389a5f0c0ed86deebf68af104a8e5bf8

Filesize: 6KB
MD5: 24372bf907b8b94a7bcc47e51cc2896c
SHA1: 6cb3d0a474d7e4effa26f64fc55df8d6a0d37e45
SHA256: e89d514a5c99e5b3f7a4647750f13b02699ce1a583890efeb949c109d79e6e27
SHA512: a9420864c805e1198b3d13d9011379f02ae169df62c0f4a940de4f7a350d1cfb8528bac15a75b454d16aa17ed97c22c679b225a728e07cf932a013e91e256a1c

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 8b4a7376a05ff585aaaec953d424793c
SHA1: a259ccfcd5a444c5419546c0e46421eb4d2d4d60
SHA256: 5484a03ce4e471ed376399be438f01560f22b5d13ea90d05f64ae49b4b47c327
SHA512: 33f7a92aecfcec56aadd878bf15e888c962b3cda44b7f5c980fd8f96a5d2d5e26f914dc7c731cb6aaad172021dc7b05198f9ba2dbb355f065e313ce21ab48eec