Analysis

Max time kernel: 145s
Max time network: 149s
Platform: windows10-2004_x64
Resource: win10v2004-20240611-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 13-06-2024 07:37
Static task: static1

Behavioral task: behavioral1
  Sample: a474fd581db9ae5729c090bdbdb18e7a_JaffaCakes118.html
  Resource: win7-20240419-en

Behavioral task: behavioral2 (the run reported below)
  Sample: a474fd581db9ae5729c090bdbdb18e7a_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General

Target: a474fd581db9ae5729c090bdbdb18e7a_JaffaCakes118.html
Size: 82KB
MD5: a474fd581db9ae5729c090bdbdb18e7a
SHA1: 1b42f1700452692106464814d9cc8fe1c72064b4
SHA256: f8f90b83badd5b0ec6e00754f6ab17a216d0880f1f870732255a44f8a4b75e5d
SHA512: 3af54c4f47a4bb8392e103ffc08b5b4cd7e778baaa965b4c41f4115f249d62e50b169b7b7f0e7c3e935750d82fdc8966dad4493c4e547e20cf14f74de488b689
SSDEEP: 768:NGrU8kcluTLoAbeVUDDkY1jCrXndmyOl1Vx+brGqx+S4SKFs+1nNtrID+/Qmv9:NGxkcl0TbeVUDDkqjaOlrsjY1NtrN9
Malware Config: none listed
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description        IoC                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  PID   Process     Entries
  3220  msedge.exe  2
  3492  msedge.exe  2
  2504  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  PID   Process     Entries
  3492  msedge.exe  4

Suspicious use of FindShellTrayWindow (25 IoCs)
  PID   Process     Entries
  3492  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  PID   Process     Entries
  3492  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  Every entry has the same shape, "PID 3492 wrote to memory of <target>", with source PID 3492 (msedge.exe, the browser process). Distinct targets in order of first appearance:
  Source PID  Process     Target PID  procid_target
  3492        msedge.exe  1644        81   (2 entries)
  3492        msedge.exe  812         82   (most of the remaining entries)
  3492        msedge.exe  3220        83   (2 entries)
  3492        msedge.exe  5096        84   (the rest)
  The list stops at exactly 64 entries and contains no writes into the children started later (PIDs 2504, 4556, 1384, 3416, 3336), so it should be read as a capped excerpt, not a complete record.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3492, top level)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a474fd581db9ae5729c090bdbdb18e7a_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1644, child of 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4be046f8,0x7ffb4be04708,0x7ffb4be04718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 812, child of 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3220, child of 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5096, child of 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4556, child of 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1384, child of 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3416, child of 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3336, child of 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2504, child of 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10287249127891961114,13635475539875124301,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 1888, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 2060, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
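Added triage helper. This is example code written for this page, not part of the report and not the sandbox's own tooling; the function names and the "browser-internal" / "review" labels are the example's own. Every signature above is raised by msedge.exe alone: each WriteProcessMemory entry is the browser process (PID 3492) writing into a child it has just created, which is how a Chromium-based browser starts its crashpad, GPU, utility and renderer processes, and NtCreateUserProcessBlockNonMicrosoftBinary is the mitigation it applies to those children. The question a practitioner actually needs answered is whether any write leaves that process model. The script parses the IoC lines and the process tree (both copied from this report; the tree is reduced to PID, image and the Chromium --type switches, and the IoC sample is a two-per-target subset of the 64 entries, since every entry has the same shape), labels each distinct parent-to-child write edge, and lists browser children that never appear as a write target, which is how one sees that the 64-entry list is capped rather than complete.

```python
"""Triage helper for the WriteProcessMemory and process-tree data above.
Added example for this page, not code from the report or the sandbox;
function names and the 'browser-internal'/'review' labels are its own."""
import re
from collections import Counter

# Constructed sample input: IoC lines copied from the report (the report
# lists 64 identical-shaped lines; two per target are enough here).
IOC_LINES = """
PID 3492 wrote to memory of 1644 3492 msedge.exe 81
PID 3492 wrote to memory of 1644 3492 msedge.exe 81
PID 3492 wrote to memory of 812 3492 msedge.exe 82
PID 3492 wrote to memory of 812 3492 msedge.exe 82
PID 3492 wrote to memory of 3220 3492 msedge.exe 83
PID 3492 wrote to memory of 3220 3492 msedge.exe 83
PID 3492 wrote to memory of 5096 3492 msedge.exe 84
PID 3492 wrote to memory of 5096 3492 msedge.exe 84
"""
# Constructed sample input: the process tree above reduced to
# "<pid> <image> <switches>" (long --field-trial-handle / --gpu-preferences
# arguments dropped; they carry nothing this check needs).
PROCESS_LINES = r"""
3492 msedge.exe --single-argument C:\Users\Admin\AppData\Local\Temp\a474fd581db9ae5729c090bdbdb18e7a_JaffaCakes118.html
1644 msedge.exe --type=crashpad-handler
812 msedge.exe --type=gpu-process
3220 msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none
5096 msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility
4556 msedge.exe --type=renderer --renderer-client-id=6
1384 msedge.exe --type=renderer --renderer-client-id=5
3416 msedge.exe --type=renderer --renderer-client-id=7
3336 msedge.exe --type=renderer --renderer-client-id=8
2504 msedge.exe --type=gpu-process --disable-gpu-sandbox
1888 CompPkgSrv.exe -Embedding
"""
# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>";
# the last field is the sandbox's own process index, not a PID.
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
BROWSER_IMAGE = "msedge.exe"
# Child roles a Chromium browser process creates and initialises by
# writing into them (sandbox and IPC setup), so such writes are expected.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}


def parse_iocs(text):
    """Collapse IoC lines into Counter{(src_pid, dst_pid, src_image): n}."""
    edges = Counter()
    for line in text.strip().splitlines():
        m = IOC_RE.fullmatch(line.strip())
        if m is None:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        src, dst, image, _procid_target = m.groups()
        edges[(int(src), int(dst), image)] += 1
    return edges


def parse_processes(text):
    """Map pid -> {'image', 'type', 'subtype'} from the reduced tree lines."""
    procs = {}
    for line in text.strip().splitlines():
        pid, image, *args = line.split()
        switches = dict(a[2:].split("=", 1) for a in args
                        if a.startswith("--") and "=" in a)
        procs[int(pid)] = {"image": image,
                           "type": switches.get("type"),  # None for the broker
                           "subtype": switches.get("utility-sub-type")}
    return procs


def classify_writes(edges, procs):
    """Label each distinct write edge: 'browser-internal' when msedge.exe
    writes into its own crashpad/gpu/utility/renderer child (normal child
    start-up), 'review' for an unknown, non-browser or unrecognised target."""
    verdicts = {}
    for src, dst, src_image in sorted(edges):
        target = procs.get(dst)
        internal = (src_image == BROWSER_IMAGE and target is not None
                    and target["image"] == BROWSER_IMAGE
                    and target["type"] in CHROMIUM_CHILD_TYPES)
        verdicts[(src, dst)] = "browser-internal" if internal else "review"
    return verdicts


def children_without_write_edge(edges, procs):
    """Browser children never seen as a write target. The broker writes into
    every child it starts, so a non-empty result means the IoC list was cut
    short (the report stops at exactly 64 entries)."""
    written = {dst for _src, dst, _image in edges}
    return sorted(pid for pid, p in procs.items()
                  if p["image"] == BROWSER_IMAGE
                  and p["type"] in CHROMIUM_CHILD_TYPES and pid not in written)


if __name__ == "__main__":
    edges, procs = parse_iocs(IOC_LINES), parse_processes(PROCESS_LINES)
    for (src, dst), verdict in classify_writes(edges, procs).items():
        print(f"{src} -> {dst} {procs[dst]['image']} "
              f"type={procs[dst]['type']} subtype={procs[dst]['subtype']}: {verdict}")
    print("children with no recorded write:", children_without_write_edge(edges, procs))
```

On this report every edge comes back "browser-internal" (crashpad-handler, gpu-process, the network and storage utility services), and the five children with no recorded write (1384, 2504, 3336, 3416, 4556) are exactly the ones the capped list omits; a write into anything that is not a msedge.exe child of a known type, for instance CompPkgSrv.exe, is what the "review" label would surface. Two further points the tree supports: the crashpad-handler annotations put the browser at Edge 92.0.902.67 (Chromium 92.0.4515.131), a mid-2021 build roughly three years older than the 13-06-2024 submission, so page-side behavior was observed in an outdated engine; and the network service runs with --service-sandbox-type=none, a switch the browser sets for itself and not an effect of the sample. The registry reads of BIOS SystemManufacturer and SystemProductName are a classic VM-detection check, but the report attributes them only to msedge.exe, which queries them on its own; nothing on this page ties them to the HTML file.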
Network
MITRE ATT&CK Enterprise v15
Downloads

Nine files were written during the run. Only one entry carries a path, and it sits inside Edge's own profile (Code Cache); the others are listed with size and hashes only.

- Filesize: 152B
  MD5: dabfafd78687947a9de64dd5b776d25f
  SHA1: 16084c74980dbad713f9d332091985808b436dea
  SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
  SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

- Filesize: 152B
  MD5: c39b3aa574c0c938c80eb263bb450311
  SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
  SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
  SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: 73fb94ad16bdb9ac04ee7643c859fb44
  SHA1: f2f7240ec505c3bde29adfd708327870c4b7c161
  SHA256: 06a9b45a604d24797bfc8b3ad8a6321514531e81d58d4367d4e7e4fb600a87de
  SHA512: ec2f687aa0b5d77dc12ea0becdc9aff151049d8855d906b2e3d484a1589fbc3e0e4ae29b7943b29d52712013b4efd1b86a804ec520971252bbdea450aa7a2501

- Filesize: 1KB
  MD5: 030cb235d8dd0149917e987ec5ded007
  SHA1: 1baf6be8f29dc2eeed3fd970151d79b5074636f1
  SHA256: 14ef309cdcdb9e5888e6b37da58f67965940218552189b771285cb3abdf17dc6
  SHA512: 1fdd0cb0f77ff13d871cf99243b07d1dd6689a04226a75603ca73778e33c4eb0d3b6211da86c4a31380323588ceaa3be9c366ada9b04db2d9639b1ffce6a6f6b

- Filesize: 6KB
  MD5: dbe07f20d881cd7d2d679cb86d252106
  SHA1: a988e825d5398c76303958d69946411b893a7e13
  SHA256: bb512fcc07db30408e2ec08d70d76f8e74b6286ce63877d146da189032a8c424
  SHA512: 5c7dea2c9199fff1e540979c1f22aba61ce82e89db6a63d391d5992a9a1156dd6008d620988c6691f5789d97517dac5e53b736d1b6f014ff6cc3edba8735a961

- Filesize: 6KB
  MD5: 92c5e155cf508ae232e4975e1fbf08ad
  SHA1: 83159309c192c87901341682ed67d698722258d4
  SHA256: 6cd62edc33e1c8abe2e407764760fb9afaef46507817d577691e2340f11cca69
  SHA512: a75bdf73f45b758c0c034abbfcbbf1ca95c4599f1de8562cf24e5ccc2f3cccb569dad92b842630c3f8e9d093455412363a4ce7bf22df9ffc05a676dcda4ad4d4

- Filesize: 372B
  MD5: 114a81c753f0287bc9909610bf4d2ba7
  SHA1: 248377c80b8bd7327e647126b829d8984f486f0a
  SHA256: ddb7f22ccc6ed1e176d6543e704c7f3feb7bd50fe48dd276d05b09bf1fad8d36
  SHA512: 44f8097b46723c35aa53a1fd2edf8fd3df88a4660a62807993e28fca03de1d4c44ca64e0eebc1b469fc05e22a8965c2d8894f92b1562a8fc66c7fed1e315363c

- Filesize: 204B
  MD5: 653a4672a71eb6329325cba6db7820f4
  SHA1: f2e8b7f21a94876fca51b493275efdc811e9332a
  SHA256: 38d6a0d0d0bd702b6d5ac0d94b5830c9eba49258bff024e74182fb354cca1227
  SHA512: a045a18b1a2f2b6de02bbfc4eb6e8491beab9a9855f85a744d19f5a15c754ff8e5aace95b8d35805f966392b8bba4383eeb271137e904d4c4572acb129467ce7

- Filesize: 11KB
  MD5: f133009bedd18d338673613c2a58e32d
  SHA1: 2188e9092234bd85b4964eaac42ab7453534b430
  SHA256: e7554a04aeb7477de5f97e8ebcf5d20e143173b4e965de8f53a920b74982216b
  SHA512: dc379b6116742691293a870b70b16f9790ab8285ff4b7ea92e962207d5395e6fd3ed8c89d8a656fdc55b28ea66a6d2a9a55d16d1e9329d118595c47fe85420b9