Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 10:15
Static task: static1
Behavioral task: behavioral1
  Sample: a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118.html
Size: 24KB
MD5: a507bed2a63a2e1326bb7d31f9d6c5a7
SHA1: 232b60a24d07046ba8fda229f0aee7b0a2e3cbdb
SHA256: c1287c08c50190ad075d0b4b86cea57524bedbb087f70331c2a53b9fe3d7af0c
SHA512: a430619e1ee31fe11524e660bac5a1987368fd1a811a2f827661c4c32027fe4393a17f25e9abea6dfc030674346aaabec808100525549452c3f7f9c183807c83
SSDEEP: 384:Bf/kv8V0vZ0T1uIQ3tjYntrsuzth6hYs1i7zf74mh5sLMSv:Bf/kkV0vZ7R2rVs1i7z16v
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  3848  msedge.exe  (2 entries)
  4400  msedge.exe  (2 entries)
  4656  msedge.exe  (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  4400  msedge.exe  (2 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4400  msedge.exe  (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4400  msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4400 wrote to memory of 3708  4400  msedge.exe  82  (2 entries)
  PID 4400 wrote to memory of 3140  4400  msedge.exe  83  (repeated; identical rows collapsed)
  PID 4400 wrote to memory of 3848  4400  msedge.exe  84  (2 entries)
  PID 4400 wrote to memory of 4740  4400  msedge.exe  85  (repeated; identical rows collapsed)
  (64 entries in total; the 3140 and 4740 rows together account for the remaining 60)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118.html
  PID: 4400
  Signatures:
    Enumerates system info in registry
    Suspicious behavior: EnumeratesProcesses
    Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage
    Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb29fd46f8,0x7ffb29fd4708,0x7ffb29fd4718
      PID: 3708
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
      PID: 3140
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
      PID: 3848
      Signatures:
        Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
      PID: 4740
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      PID: 2796
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      PID: 3596
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4028 /prefetch:2
      PID: 4656
      Signatures:
        Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4820

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5088
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: dabfafd78687947a9de64dd5b776d25f
SHA1: 16084c74980dbad713f9d332091985808b436dea
SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Filesize: 152B
MD5: c39b3aa574c0c938c80eb263bb450311
SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Filesize: 183B
MD5: a28fc8c7b408c9fec7eb29ba72319a1a
SHA1: 2b1815d04fb077e076a7c078db984304b82cf50e
SHA256: 1d26a34f3b686ef9b0f4402fd77dbbf4e517c3a60d31f19751f038953abe9e65
SHA512: 6a6f10e0011b2e2f335d65b2b5da07e47e06aa5eeb22ac8950f63928c18242952d216526c8a2ba909ad04fdaf073215c4277272c6de2a28c7cb39a211f0a78bb

Filesize: 6KB
MD5: 5c6d74d2f1201b8a916766b543a13380
SHA1: 7cf8df5886de670ef5aa4ee77df7a957d56a1c2e
SHA256: 9115bfc657ff8d8ea6e8cccac0f31b2d04d69165d6d40fb1473a77d3bd0dc0c6
SHA512: 13d488670f04afcddf1304bfc990253fd70bf768e294742f5f868ab8e90d3e681eb0d1829356cf9021f2b3cafedb7438ecb43b974c2cd5679ce656d70b659e75

Filesize: 6KB
MD5: 8bc2a73b317ac7e6df0f106eaf34b75e
SHA1: d71d3eb4b802ec48c570a833642c10bedb12de67
SHA256: f5b2a29e6ff1df41375fb50d57e8da04474ad7f05792f5b185694545af240074
SHA512: c54399ffd88a0b70f4bd2a01948f405e463054e646c50fb6fbade811da4933d06dc1450fe28bb3d3e4b74b2daae080c95e7888ae238a7497b8931614a481c42c

Filesize: 6KB
MD5: 25f0c74effac76767189d78295dacdd2
SHA1: 7fec3928feede4b462b13d06cd6fcf2ad5be7a0a
SHA256: c159a2200ec3a9cfa0aacc2e42191bbf1adcef38af578b0385066ae50f6c9476
SHA512: 7c65839f2939b9cfbc1ad3f29d12d737cdddfedc2f3966fcd7ca80f1a414207909de597b4d555ef31e59b932df7fe0bb885919ba85690d446095198e597a7853

Filesize: 11KB
MD5: ef2e2d9b19a4711b9e3014ec4ea2bb7b
SHA1: 92d9c85c26c993a34b6194736d7993dad78d0462
SHA256: 8d4ec6ed79ef07cc8b6f77204576df97b8245182bebc21e03ca5d8339e0b65dc
SHA512: 7670e6a791c2becca3994c04481be4e8d56bc4bd509e62664bbed6a55adb591e399e69b6aa8758a1fa4a0efe1da308bd8c7a94891c2e3033182abe3855396ab3