Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 13:16
Static task: static1
Behavioral task: behavioral1
- Sample: a5bb19c9090ab63baef4724cb88ecbb6_JaffaCakes118.html
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: a5bb19c9090ab63baef4724cb88ecbb6_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a5bb19c9090ab63baef4724cb88ecbb6_JaffaCakes118.html
- Size: 461KB
- MD5: a5bb19c9090ab63baef4724cb88ecbb6
- SHA1: 9e15237691636b29359cdf8cd83d21d5f5491a5b
- SHA256: de760deee0bea957a518dce13831b56057044517400c613a3b1c587fcee188c0
- SHA512: 76b6792bb90ca50b449f87c19623892ef8f30e87e7b0835c34f2ad7a3e858d9bc0b5fa1a41b54e032605c84408ac6652a8a85178c44bff9a7050c7c0441b1134
- SSDEEP: 6144:SLsMYod+X3oI+YC4QcsMYod+X3oI+YgsMYod+X3oI+YLsMYod+X3oI+YQ:y5d+X375d+X345d+X315d+X3+
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2608 msedge.exe 2608 msedge.exe 3392 msedge.exe 3392 msedge.exe 4552 identity_helper.exe 4552 identity_helper.exe 4220 msedge.exe 4220 msedge.exe 4220 msedge.exe 4220 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5bb19c9090ab63baef4724cb88ecbb6_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3392 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xc0,0x108,0x7ffdcbf346f8,0x7ffdcbf34708,0x7ffdcbf347182⤵PID:4904
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:22⤵PID:3036
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2608
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:82⤵PID:4244
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:3304
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵PID:1124
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:82⤵PID:2416
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4552
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵PID:2692
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵PID:2884
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:12⤵PID:3208
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵PID:2600
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15521525890405521620,13036992346250475709,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4220
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3340
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4932
Network
MITRE ATT&CK Enterprise v15
Downloads