Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 13:15
Static task: static1
Behavioral task: behavioral1
  Sample: a5ba528f8bc0fefc2c129e122a75e9e7_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a5ba528f8bc0fefc2c129e122a75e9e7_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a5ba528f8bc0fefc2c129e122a75e9e7_JaffaCakes118.html
Size: 214KB
MD5: a5ba528f8bc0fefc2c129e122a75e9e7
SHA1: 90cc20d3a6817e4036498f98aac6b1389c0a256a
SHA256: 5b09c17b86c5f8bd367444527676caf6af8acdd0524ca328b5d9a56f2c63dc40
SHA512: 4d9a54e9cd910bfb4565cb775c5b68577f871916d0fe1b5c1d5da5f4b35102ec73fb7e66b28c74c87f826ad578d4880936a9f25cbdcd25166bbfb6985862418b
SSDEEP: 3072:FrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ2:Zz9VxLY7iAVLTBQJl2
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  64    msedge.exe
  64    msedge.exe
  2324  msedge.exe
  2324  msedge.exe
  3956  msedge.exe
  3956  msedge.exe
  3956  msedge.exe
  3956  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  2324  msedge.exe
  2324  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ba528f8bc0fefc2c129e122a75e9e7_JaffaCakes118.html
  PID: 2324
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa06e046f8,0x7ffa06e04708,0x7ffa06e04718
    PID: 216

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,316587537816813782,16549226092694368199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    PID: 1708

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,316587537816813782,16549226092694368199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    PID: 64
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,316587537816813782,16549226092694368199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
    PID: 4996

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,316587537816813782,16549226092694368199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    PID: 4628

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,316587537816813782,16549226092694368199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    PID: 4076

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,316587537816813782,16549226092694368199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    PID: 3956
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1808

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3532
Network
MITRE ATT&CK Enterprise v15
Downloads