Analysis
max time kernel: 145s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 09:23
Static task: static1
Behavioral task: behavioral1
  Sample: a4d472a1c231e2e04caf5fd3e8d7177b_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: a4d472a1c231e2e04caf5fd3e8d7177b_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a4d472a1c231e2e04caf5fd3e8d7177b_JaffaCakes118.html
Size: 8KB
MD5: a4d472a1c231e2e04caf5fd3e8d7177b
SHA1: 9698543418e911251bd3bddcab2dd2d1616d280c
SHA256: 723a6c862b12ebd96538a7a307f210dd2baad1489fd79d826f2416db458c5d27
SHA512: a8d804b3b39211fdbe7c71b6e1de507600b47f25280e4bf8d3b2ef316b37e8859f599545fad92588a4ab2b0961f6dbb7e1145c8a57421b7bd28f1d9dae6ccbb1
SSDEEP: 192:izMByu0GQIeRn0GQIP++uAXg5s+bxOYQeS7mnE:iuNdQIeRdQIPdQ5s+bxOInE
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3056 | msedge.exe
  3056 | msedge.exe
  3692 | msedge.exe
  3692 | msedge.exe
  2316 | identity_helper.exe
  2316 | identity_helper.exe
  4212 | msedge.exe
  4212 | msedge.exe
  4212 | msedge.exe
  4212 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3692 | msedge.exe
  3692 | msedge.exe
  3692 | msedge.exe
  3692 | msedge.exe
  3692 | msedge.exe
  3692 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d472a1c231e2e04caf5fd3e8d7177b_JaffaCakes118.html
  PID: 3692
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e3f46f8,0x7ffa7e3f4708,0x7ffa7e3f4718
    PID: 1008
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
    PID: 4576
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    PID: 3056
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    PID: 3192
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 320
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    PID: 2556
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    PID: 4504
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    PID: 2316
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
    PID: 2848
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    PID: 2056
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    PID: 1736
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    PID: 4876
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,11205842148452589032,14077621095781636787,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2944 /prefetch:2
    PID: 4212
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4764
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2900
Network
MITRE ATT&CK Enterprise v15
Downloads