Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 07:41

Static task: static1

Behavioral task: behavioral1
- Sample: a47892505a7369b3d7c36d4125dd7279_JaffaCakes118.html
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: a47892505a7369b3d7c36d4125dd7279_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: a47892505a7369b3d7c36d4125dd7279_JaffaCakes118.html
- Size: 57KB
- MD5: a47892505a7369b3d7c36d4125dd7279
- SHA1: e27f55a2f00bc4f9b741641b9c867beba237ce95
- SHA256: 98fbc9f89b92160f1012b4e32c9ea3da2fc05317f7a08cf87eec5e37623b1085
- SHA512: 18b78e52bd41d2564a75d94fd5fbaa3b498cf5a2c6426fa89b7c5f8b8b83d73cfee95706b46cc94ac5d48270bfd8d1211aa447828e0d94f359f46c7ce2cefd40
- SSDEEP: 1536:8dLw+WYYQBRJnalNOmxPkvEtwGfkMaxThwLnMdRk:8dL1WYYQhaXLGMaxThwLn5
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2572 | msedge.exe
  2572 | msedge.exe
  2468 | msedge.exe
  2468 | msedge.exe
  3040 | identity_helper.exe
  3040 | identity_helper.exe
  824 | msedge.exe
  824 | msedge.exe
  824 | msedge.exe
  824 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  2468 | msedge.exe (7 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2468 | msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2468 | msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2468 wrote to memory of 3760 | 2468 | msedge.exe | 81 (2 identical entries)
  PID 2468 wrote to memory of 1164 | 2468 | msedge.exe | 82 (40 identical entries)
  PID 2468 wrote to memory of 2572 | 2468 | msedge.exe | 83 (2 identical entries)
  PID 2468 wrote to memory of 3260 | 2468 | msedge.exe | 84 (20 identical entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2468)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47892505a7369b3d7c36d4125dd7279_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb260146f8,0x7ffb26014708,0x7ffb26014718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1164)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2572)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3260)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1236)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4568)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3264)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 824)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 552)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 520)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads