Analysis
max time kernel: 145s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 13-06-2024 10:06
Static task: static1
Behavioral task: behavioral1
  Sample: a4ffb97c597c4a91bf885dfe8b47bee9_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a4ffb97c597c4a91bf885dfe8b47bee9_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a4ffb97c597c4a91bf885dfe8b47bee9_JaffaCakes118.html
Size: 4KB
MD5: a4ffb97c597c4a91bf885dfe8b47bee9
SHA1: c59d408bf124c456f75c0dbe06799b465e0f1870
SHA256: 4045f3b7f802ee1d49fe131f22f1fc11c4c6256ce18866264e0639468e39b3eb
SHA512: a64201fe6c9614eac955a2114f68562d165066edb19fb7c03451ab939d8b0fb71de58ecbc81faca8df82419a1d113802ebcec5468a7cb7d437dd203124961590
SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oO2R4LMl:Pk7yY1aEFHVKtF37sNjtXATIQFM93pD0
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
1860  msedge.exe (2 entries)
1348  msedge.exe (2 entries)
3988  identity_helper.exe (2 entries)
3904  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
1348  msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
1348  msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
1348  msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; repeated entries collapsed to one row per target)
description                       pid   Process     procid_target
PID 1348 wrote to memory of 3184  1348  msedge.exe  81
PID 1348 wrote to memory of 1592  1348  msedge.exe  82
PID 1348 wrote to memory of 1860  1348  msedge.exe  83
PID 1348 wrote to memory of 4208  1348  msedge.exe  84
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ffb97c597c4a91bf885dfe8b47bee9_JaffaCakes118.html
  PID: 1348
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d4718
    PID: 3184

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    PID: 1592

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    PID: 1860
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 /prefetch:8
    PID: 4208

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 5060

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    PID: 3096

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 /prefetch:8
    PID: 5320

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 /prefetch:8
    PID: 3988
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
    PID: 4552

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
    PID: 5596

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    PID: 1700

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
    PID: 6048

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15669762475111219043,12337568899459646800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
    PID: 3904
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1912

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 6012
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: a8e767fd33edd97d306efb6905f93252
SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Filesize: 152B
MD5: 439b5e04ca18c7fb02cf406e6eb24167
SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Filesize: 5KB
MD5: 66044dfcd56a4c5c4611bf3c70300efb
SHA1: 4830f8ea8f91537d35262b998dceb20d21c0c7bf
SHA256: ebb1929f6540db1bce4f5565e430427d27bdab9417d778a234018f7e9c632a3f
SHA512: 1e11d70479abd0f2c857a333568505cbbd82041baadf3053eb551e07597432dfeab480a3ccd93b2ff250d0975a5de7a4a1e79092ee6f37c54e7b7e2d8ca2ef0d

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 8KB
MD5: bcf7e02b5059427dcd93a659409171bc
SHA1: 3febe6f0ef199e211c2e203df049562c21e5a66b
SHA256: c6f66d207302243f59474ab558e87a887c82510c6b1ac0a1f5477736c341ba8c
SHA512: e0ea1dc2ca5eaed7918fab7854643fa87a6c9bc8c3d5ca986b72aff3f530770fefc85cf14bb83dbd6c4548d415706142d29fe8d7ac9a7517eb580f495ec92a30