Analysis
max time kernel: 145s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 13:17
Static task: static1
Behavioral task: behavioral1
  Sample: a5bc6474da42a5b7fcb327a739181d69_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a5bc6474da42a5b7fcb327a739181d69_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a5bc6474da42a5b7fcb327a739181d69_JaffaCakes118.html
Size: 115KB
MD5: a5bc6474da42a5b7fcb327a739181d69
SHA1: c7368920cffe2d441280cdef8ed1e4e79375cb71
SHA256: e7d637425186b86ed4ddf69fd4d1fea7b1466912d27540c411dea71585f6a967
SHA512: 22947df915cab05dcad78a053a60dd9f731fe71398bbaa2a6e56d9d65b601cc33f5d46e0757cce0f62e3b1cdc9fc80c147a075a60c3902eca792c1a42118618e
SSDEEP: 3072:S+6TLSD4mKYk7eyfkMY+BES09JXAnyrZalI+YQ:SgysMYod+X3oI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4544 | msedge.exe
  4544 | msedge.exe
  4064 | msedge.exe
  4064 | msedge.exe
  4400 | identity_helper.exe
  4400 | identity_helper.exe
  2240 | msedge.exe
  2240 | msedge.exe
  2240 | msedge.exe
  2240 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4064 | msedge.exe (all 6 IoCs)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4064 | msedge.exe (all 25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4064 | msedge.exe (all 24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target (distinct rows)
  PID 4064 wrote to memory of 1756 | 4064 | msedge.exe | 85
  PID 4064 wrote to memory of 4696 | 4064 | msedge.exe | 86
  PID 4064 wrote to memory of 4544 | 4064 | msedge.exe | 87
  PID 4064 wrote to memory of 2912 | 4064 | msedge.exe | 88
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4064)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5bc6474da42a5b7fcb327a739181d69_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe697546f8,0x7ffe69754708,0x7ffe69754718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4696)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 1788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3340)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2240)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4866657436213027367,12052191916663545336,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4728 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4396)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4528)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads