Analysis
max time kernel: 145s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 09:26
Static task: static1
Behavioral task: behavioral1
  Sample: a4d7f5f08b1ee23f6d1a8ed9a99e5502_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a4d7f5f08b1ee23f6d1a8ed9a99e5502_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a4d7f5f08b1ee23f6d1a8ed9a99e5502_JaffaCakes118.html
Size: 24KB
MD5: a4d7f5f08b1ee23f6d1a8ed9a99e5502
SHA1: 5e7bfc59992df8b1c173b13dabc53a9d28284f2f
SHA256: 5cf0bdb2d58e118a262691242a54b76872bc48d8ebdec0180940006364c0c4ab
SHA512: 3cbab927fe45aad16863992adccebdcc858d9135725c2068f7742423ea08fc0747670411223235870fe265443446dddaa87a2e6f523481b94b756587df53d742
SSDEEP: 192:uqN7HRb5nW7unQjxn5Q/fnQieZNnRnQOkEntFYnQTbn75nQeCJVevo7NtIFo+Nzk:nIQ/0ygcnnBH
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  5004   msedge.exe            (2 entries)
  3652   msedge.exe            (2 entries)
  4640   identity_helper.exe   (2 entries)
  2504   msedge.exe            (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  3652   msedge.exe            (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  3652   msedge.exe            (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  3652   msedge.exe            (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid    Process      procid_target
  PID 3652 wrote to memory of 1384     3652   msedge.exe   81             (2 entries)
  PID 3652 wrote to memory of 1156     3652   msedge.exe   82             (40 entries)
  PID 3652 wrote to memory of 5004     3652   msedge.exe   83             (2 entries)
  PID 3652 wrote to memory of 3896     3652   msedge.exe   84             (20 entries)
Processes

msedge.exe (PID 3652)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d7f5f08b1ee23f6d1a8ed9a99e5502_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    msedge.exe (PID 1384)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe197b46f8,0x7ffe197b4708,0x7ffe197b4718

    msedge.exe (PID 1156)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

    msedge.exe (PID 5004)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 3896)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

    msedge.exe (PID 3844)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

    msedge.exe (PID 3740)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

    identity_helper.exe (PID 872)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 /prefetch:8

    identity_helper.exe (PID 4640)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 3540)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

    msedge.exe (PID 1204)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

    msedge.exe (PID 4944)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

    msedge.exe (PID 3932)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

    msedge.exe (PID 2504)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11629010297208711542,16659030174228848914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 3976)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 1984)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1: 86174e670c44767c08a39cc2a53c09c318326201
SHA256: e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512: a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Filesize: 152B
MD5: b704c9ca0493bd4548ac9c69dc4a4f27
SHA1: a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256: 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512: 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Filesize: 6KB
MD5: 447649d6414bb9dbf840db251ea95f17
SHA1: 1871eca3c170cea47e3665bf3f5dd1c4693f3c13
SHA256: 8801d670bdd5a479b95fedcd07393d19654b442ce7c0f9fda495d83b0e2fd368
SHA512: 77fda56fa49eccb1a0b400744cdb11cbef3a1e141a4e4fbbdc08fc870f0d34a48ea813ec7db482cf422e2c129e844e027a2af187258307be13d98108702be8c7

Filesize: 6KB
MD5: a6e4d09fb85eea824120725e856e0c87
SHA1: 7a1e66f514223b6bf38116b37d6d9e874def9cee
SHA256: a64f97624928afd0abf91bf415d987fcb6593afe75d6570331cd52dab11ee862
SHA512: 3a58f769ec2eb0aa0618ebb2208313a6e672a6f75994bc2e80456fe55073fd95ccd977f15fa66fb32d85910799a4293149e45c67e277ca1e47a252863894d31e

Filesize: 6KB
MD5: 97734d3d0ae770c094d0556d2456995c
SHA1: 87186e0aa0fc73398649b7682a400d3a57454c25
SHA256: 9e274c23d0518fe817a16804f8413b740cbad8940395faaead54425d7c9b99c3
SHA512: c6fd191729722cb610a52b85309fdc77bdb141964c46389dd06d28eaa0f6a1e89625193b818015737be09875f92dc811674b97a02fd54c791f4a1a2e5bd7ca5e

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 093eca3c95f2b4cd8a8a933f490e0d56
SHA1: db5b185b1c4170a7204007854b4ab6734b32b659
SHA256: de6e45e359933a92427c5349cbd7ebfeeb3ab1f2f68e6aa2e85223e21971c3b0
SHA512: 4ac058a57c27039be9fcecdb7a244ca8292392dd50119d26572e6b4c31a9d5e223258123879fde8df1781984bb85922ade2d97f0f7b00b4e4167ff0985b2ac97