Analysis
- max time kernel: 145s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/06/2024, 09:24

Static task: static1

Behavioral task: behavioral1
- Sample: a4d635acbb3d26e5dc8d0f2b12ed8af8_JaffaCakes118.html
- Resource: win7-20240220-en

Behavioral task: behavioral2
- Sample: a4d635acbb3d26e5dc8d0f2b12ed8af8_JaffaCakes118.html
- Resource: win10v2004-20240508-en

General
- Target: a4d635acbb3d26e5dc8d0f2b12ed8af8_JaffaCakes118.html
- Size: 36KB
- MD5: a4d635acbb3d26e5dc8d0f2b12ed8af8
- SHA1: 1921094cc05ba11c256adf0b2c3166679f5cfaa8
- SHA256: 54ba2b7d6d5492600c00244ac15430be57ac94df4eaf3669107f82bd40e114e8
- SHA512: 1061eb8f6f4089067f2ceaafdcef3082d31b6b8ab43253ccd875d8306cf38732d203aa857a9921891f50769c6187ee71e4cfedbbc89e30e16ee93f49f3930a6f
- SSDEEP: 192:uwvab5nXOnQjxn5Q/nnQieWNn0nQOkEnttFnQTbnBnQOg/ecwqYH7cwqYXXcwqYd:CQ/XqHx5ktK0bt86GTe
Malware Config

Signatures
Every signature below was raised by msedge.exe or its own helper processes during Edge's normal multi-process startup (crash handler, GPU, network and storage services, renderers, identity helper). No network activity and no extracted malware configuration is listed in this report for the HTML file itself, so the signatures describe the browser, not the sample. Command-line flags such as --service-sandbox-type=none and --disable-gpu-sandbox in the process list are chosen by the browser for its service processes; a web page cannot set them.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1848 msedge.exe (2), PID 2536 msedge.exe (2), PID 732 identity_helper.exe (2), PID 3264 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID 2536 msedge.exe (all 6)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 2536 msedge.exe (all 25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 2536 msedge.exe (all 24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events have PID 2536 (msedge.exe) as the writer; the targets are its own child processes listed under Processes below. Target PID (procid_target): 4904 (82), 472 (83), 1848 (84), 4052 (85). Repeated identical entries are collapsed.
Processes
- msedge.exe (PID 2536, top level)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d635acbb3d26e5dc8d0f2b12ed8af8_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe, crashpad handler (PID 4904, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94c146f8,0x7ffa94c14708,0x7ffa94c14718
  - msedge.exe, GPU process (PID 472, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  - msedge.exe, network service (PID 1848, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe, storage service (PID 4052, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  - msedge.exe, renderer (PID 4944, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - msedge.exe, renderer (PID 2288, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - identity_helper.exe (PID 684, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  - identity_helper.exe (PID 732, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe, renderer (PID 4156, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  - msedge.exe, renderer (PID 220, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  - msedge.exe, renderer (PID 320, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  - msedge.exe, renderer (PID 4644, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  - msedge.exe, GPU process, unsandboxed (PID 3264, child of 2536)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5703502359032439021,2020259187093454373,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 2248, top level)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 4260, top level)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
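The WriteProcessMemory signature above is only meaningful once you know who the targets are: a Chromium-based browser writes into the memory of every child it launches (sandbox bootstrap), whereas a write into a process it did not spawn is the pattern of injection. The script below, an added triage example and not part of the sandbox report or its tooling, parses the report's flattened "PID A wrote to memory of B ..." entries, rebuilds parent/child relations from the process list's depth markers, and labels each write "child" or "foreign". The process tree and IoC excerpt are constructed from the values on this page (repeats collapsed); the assumption that each depth-2 entry is a child of the most recent depth-1 entry follows the report's layout. The one write into CompPkgSrv.exe (PID 2248) is hypothetical, included only to show what a flagged entry looks like.

```python
"""Label WriteProcessMemory events from a sandbox report as child-bootstrap or foreign writes."""
import re
from collections import Counter

# Constructed from the report's Processes section: (depth, pid, image).
# Depth 1 = top-level process; depth 2 = child of the most recent depth-1 process.
PROCESS_TREE = [
    (1, 2536, "msedge.exe"),
    (2, 4904, "msedge.exe"),
    (2, 472, "msedge.exe"),
    (2, 1848, "msedge.exe"),
    (2, 4052, "msedge.exe"),
    (2, 4944, "msedge.exe"),
    (2, 2288, "msedge.exe"),
    (2, 684, "identity_helper.exe"),
    (2, 732, "identity_helper.exe"),
    (2, 4156, "msedge.exe"),
    (2, 220, "msedge.exe"),
    (2, 320, "msedge.exe"),
    (2, 4644, "msedge.exe"),
    (2, 3264, "msedge.exe"),
    (1, 2248, "CompPkgSrv.exe"),
    (1, 4260, "CompPkgSrv.exe"),
]

# Constructed excerpt of the flattened WriteProcessMemory IoC list, in the report's own
# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>" form.
WPM_TEXT = (
    "PID 2536 wrote to memory of 4904 2536 msedge.exe 82 "
    "PID 2536 wrote to memory of 472 2536 msedge.exe 83 "
    "PID 2536 wrote to memory of 472 2536 msedge.exe 83 "
    "PID 2536 wrote to memory of 1848 2536 msedge.exe 84 "
    "PID 2536 wrote to memory of 4052 2536 msedge.exe 85"
)

# Hypothetical event, NOT from the report: a write into CompPkgSrv.exe (PID 2248),
# which 2536 did not spawn. Shown only to illustrate a flagged entry.
HYPOTHETICAL_FOREIGN_WRITE = "PID 2536 wrote to memory of 2248 2536 msedge.exe 90"

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Return (writer_pid, target_pid, writer_image, procid_target) for each entry."""
    return [(int(w), int(t), img, int(pt)) for w, t, _w2, img, pt in WPM_RE.findall(text)]


def build_parent_map(tree):
    """Map pid -> parent pid from depth markers; top-level processes map to None."""
    parents, last_at_depth = {}, {}
    for depth, pid, _image in tree:
        parents[pid] = last_at_depth.get(depth - 1)
        last_at_depth[pid and depth] = pid
        # forget deeper entries so a new subtree does not inherit stale ancestors
        for d in [d for d in last_at_depth if d > depth]:
            del last_at_depth[d]
    return parents


def classify_writes(events, parents):
    """'child' when the writer is the target's parent (normal sandbox bootstrap),
    otherwise 'foreign' (the injection-shaped case worth a closer look)."""
    return [(w, t, "child" if parents.get(t) == w else "foreign")
            for w, t, _img, _pt in events]


def summarize(events, parents):
    """Count writes per (writer, target, label)."""
    return Counter(classify_writes(events, parents))


if __name__ == "__main__":
    parents = build_parent_map(PROCESS_TREE)
    for (w, t, label), n in summarize(parse_wpm(WPM_TEXT), parents).items():
        print(f"{w} -> {t}: {n} write(s), {label}")
    for (w, t, label), n in summarize(parse_wpm(HYPOTHETICAL_FOREIGN_WRITE), parents).items():
        print(f"{w} -> {t}: {n} write(s), {label}  (hypothetical)")
```

On the report's own data every write resolves to "child", which is the expected shape for Edge launching its helper processes; the only "foreign" result comes from the hypothetical line. To use this on another report, paste its IoC text into WPM_TEXT and its process list into PROCESS_TREE.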
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4b4f91fa1b362ba5341ecb2836438dea
  SHA1: 9561f5aabed742404d455da735259a2c6781fa07
  SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
  SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
- Filesize: 152B
  MD5: eaa3db555ab5bc0cb364826204aad3f0
  SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
  SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
  SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
- Filesize: 5KB
  MD5: 3b43762ef858e15da10dc49031d77c57
  SHA1: 3e7bcbd0bfd9f1464f797c3dfc18c0c668f0e4c3
  SHA256: 51fc63c4800290f49e875a86dd5fa2d65d3749cd471f331c179c26efba4f71f1
  SHA512: dca6421bb0e5d336612633780b7230c9b496af68004fef135971fc700ecc6f081246149b339187f2bd4b1dc453d190fe928bd18ba6780b3ce0543639f12d89aa
- Filesize: 5KB
  MD5: a472b27d3b79de9289d6bfab3757bde0
  SHA1: c461d0f482730c56b59f9ca63af4e4de051c873e
  SHA256: 91b480523ef4ae49dd77b17e875abab81cbc2283dedbbbac5bdc6a3e7b5950e9
  SHA512: 69c3fd6b8f4d85511c627704039ce123370206f49c943d162799e2ac66607afebab50dee7e238403f96ce1b591940baa59e8d994669cf1fd6b4933800eeb32e9
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 8KB
  MD5: b60a61958d773b4d265a6a7bc9c61b50
  SHA1: b718fe75d8d7a2bfe78d3af0e04b84bb26216233
  SHA256: 667ad33294aeb4946a837680a01b6580b1b1c5b9681148ac8cd971431040f024
  SHA512: da71f7782bc2ade9fcf7abf2e9295e65cb69df56ce22537714ac00869eece7c86c79e2692dd5b16dda48597c9557a1318c841b1252db56502c1bea8e23f0c58d