Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 10:05
- Static task: static1
- Behavioral task: behavioral1
    Sample: a4ff59394583400abec0ee3970190018_JaffaCakes118.html
    Resource: win7-20240611-en
- Behavioral task: behavioral2
    Sample: a4ff59394583400abec0ee3970190018_JaffaCakes118.html
    Resource: win10v2004-20240508-en
General
- Target: a4ff59394583400abec0ee3970190018_JaffaCakes118.html
- Size: 34KB
- MD5: a4ff59394583400abec0ee3970190018
- SHA1: 5a5bdbbbe1e955dfa9cfd64228f735088ebf3607
- SHA256: f2dc7884d669bf11314f00d374b23dc7924c8df35cc7cb61ec59dc3912ad0a1e
- SHA512: f54c0515db8fd0ddf369325c5d4a9f881920497bb0d90e48759ec779839c85ec6993932cafad83c45393860acea4837cb5f1873f9a099ec7e1252e578b0b5219
- SSDEEP: 768:9swWJYB4//4NqbBhBgY+OTavm6mcL3Iszzi6yWlLcWV:9FWeB4//8yB0YXTavm6mY3PzzialLcWV
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description         ioc                                                                    Process
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
    pid     Process               hits
    4412    msedge.exe            2
    3040    msedge.exe            2
    3848    identity_helper.exe   2
    4424    msedge.exe            4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
    pid     Process               hits
    3040    msedge.exe            6
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid     Process               hits
    3040    msedge.exe            25
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid     Process               hits
    3040    msedge.exe            24
- Suspicious use of WriteProcessMemory (64 IoCs)
    pid     Process      wrote to memory of   procid_target   hits
    3040    msedge.exe   1916                 80              2
    3040    msedge.exe   964                  81              40
    3040    msedge.exe   4412                 82              2
    3040    msedge.exe   2996                 83              20
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ff59394583400abec0ee3970190018_JaffaCakes118.html
    PID: 3040
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9904646f8,0x7ff990464708,0x7ff990464718
        PID: 1916
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        PID: 964
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        PID: 4412
        Signatures: Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
        PID: 2996
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        PID: 3432
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
        PID: 3440
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
        PID: 4852
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
        PID: 3848
        Signatures: Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
        PID: 1892
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
        PID: 2076
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
        PID: 3236
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
        PID: 3112
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4336 /prefetch:2
        PID: 4424
        Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 5020
- C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 4816
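The signature lists above are easier to judge once the repeated IoC hits are collapsed by writer, target and count and each target PID is mapped back to its role in the process tree. The Python below does that; it is an added example, not output or tooling from the sandbox that produced this report. WPM_TEXT and ENUM_TEXT are short excerpts of this report's WriteProcessMemory and EnumeratesProcesses IoC text embedded as sample input, ROLES is a hand-built map from the --type= and --utility-sub-type= flags of the child processes listed above, and CHROMIUM_CHILD_TYPES is this example's own allow-list of the process types a Chromium-based browser launches itself. Run against this report, every WriteProcessMemory target resolves to one of Edge's own child processes (crashpad handler, GPU process, network and storage services), which is the browser process setting up the children it just spawned; unexplained_targets() is the check that would surface a write into anything else.

```python
import re
from collections import Counter

# Sample input constructed from this report: an excerpt of the flattened
# "Suspicious use of WriteProcessMemory" IoC text (the full list has 64 hits).
WPM_TEXT = (
    "PID 3040 wrote to memory of 1916 3040 msedge.exe 80 "
    "PID 3040 wrote to memory of 1916 3040 msedge.exe 80 "
    "PID 3040 wrote to memory of 964 3040 msedge.exe 81 "
    "PID 3040 wrote to memory of 964 3040 msedge.exe 81 "
    "PID 3040 wrote to memory of 4412 3040 msedge.exe 82 "
    "PID 3040 wrote to memory of 2996 3040 msedge.exe 83"
)

# Excerpt of the "Suspicious behavior: EnumeratesProcesses" list, same flattened format.
ENUM_TEXT = (
    "4412 msedge.exe 4412 msedge.exe 3040 msedge.exe 3040 msedge.exe "
    "3848 identity_helper.exe 3848 identity_helper.exe "
    "4424 msedge.exe 4424 msedge.exe 4424 msedge.exe 4424 msedge.exe"
)

# Child-process roles read off the --type= / --utility-sub-type= flags in the
# process tree of this report, keyed by PID (hand-built for this example).
ROLES = {
    1916: "crashpad-handler",
    964: "gpu-process",
    4412: "utility:network.mojom.NetworkService",
    2996: "utility:storage.mojom.StorageService",
}

# Process types a Chromium-based browser spawns on its own (example's assumption);
# a write into a target outside this set deserves a closer look.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+\.exe) (\d+)")
# "<pid> <image>" pairs as they appear in the pid/Process IoC lists
PID_PROC_RE = re.compile(r"(\d+) (\S+\.exe)")


def parse_wpm(text):
    """Collapse repeated hits into {(writer_pid, writer_image, target_pid): count}."""
    counts = Counter()
    for src, dst, _src_again, image, _target_idx in WPM_RE.findall(text):
        counts[(int(src), image, int(dst))] += 1
    return counts


def parse_pid_hits(text):
    """Collapse a 'pid Process ...' IoC list into {(pid, image): count}."""
    return Counter((int(p), img) for p, img in PID_PROC_RE.findall(text))


def targets_of(wpm_counts, writer_pid):
    """Distinct PIDs a given writer process wrote into, ascending."""
    return sorted({dst for (src, _img, dst) in wpm_counts if src == writer_pid})


def unexplained_targets(wpm_counts, roles):
    """Targets whose role is unknown or is not a Chromium child-process type."""
    out = set()
    for (_src, _img, dst) in wpm_counts:
        role = roles.get(dst, "unknown")
        if role.split(":")[0] not in CHROMIUM_CHILD_TYPES:
            out.add((dst, role))
    return sorted(out)


if __name__ == "__main__":
    wpm = parse_wpm(WPM_TEXT)
    for (src, img, dst), n in sorted(wpm.items()):
        print(f"{src} ({img}) -> {dst} [{ROLES.get(dst, 'unknown')}] x{n}")
    print("unexplained targets:", unexplained_targets(wpm, ROLES))
    print("EnumeratesProcesses hits:", dict(parse_pid_hits(ENUM_TEXT)))
```

The same two regexes apply unchanged to the other pid/Process signature lists on this page (NtCreateUserProcessBlockNonMicrosoftBinary, FindShellTrayWindow, SendNotifyMessage), all of which collapse to the single browser process 3040.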
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
    MD5: 56641592f6e69f5f5fb06f2319384490
    SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
    SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
    SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
    MD5: 612a6c4247ef652299b376221c984213
    SHA1: d306f3b16bde39708aa862aee372345feb559750
    SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
    SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- Filesize: 5KB
    MD5: 976158582e63e59ee44122966e111fae
    SHA1: 873236a36e9838ad4225a917c5b4275f777f8881
    SHA256: fed0298209850c92f3122dade73f26346fc6512645f39ce6890d53b49ef95d0f
    SHA512: c96d7fa5b1e94aadd76b9066f2120b4f4a5ff7c4af0c5a5ef5e1d8b9859a0a18f9f2dfc53a69ebec5b05b155fa6f965f25cd8cc38b6fd2793921cb40231b8ea9
- Filesize: 6KB
    MD5: de71463441320a1f093ba442258ceab2
    SHA1: dde3abdfbe70401e166eccfcd9da955e6c6260be
    SHA256: dc4f2257acfebe033da3cc162aaec272876e3385b2d63d84e1c2d6278a75e68b
    SHA512: a1a149c72869bf5645af08ed65718ade358a3a77f0f3c075b390269e5ddf6144172ef9689bc307de034deebc8f245115cdf5dcc699594340767c5ec011d747f6
- Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 8KB
    MD5: 84b106952b247240c2df191c2f81bfbc
    SHA1: fe7bbae8047f145e82c3a54fb4c154d2b209eb54
    SHA256: 9506ddc7d382ff2b42435c9865be040961c4f649c45872fd9eea5d79aec6b4d6
    SHA512: ae6effcfc0607accd9063e94b0ecb91caed498bd00e342fb660d6cd9fa7bc1023396ee0572832623c44e936de5053d033a88e7704a93cb30fae6c116740d7e50