Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-06-2024 05:49
Static task: static1
Behavioral task: behavioral1
- Sample: b1fd7d85480aa32192c83a4c4b681619_JaffaCakes118.html
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: b1fd7d85480aa32192c83a4c4b681619_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: b1fd7d85480aa32192c83a4c4b681619_JaffaCakes118.html
- Size: 343KB
- MD5: b1fd7d85480aa32192c83a4c4b681619
- SHA1: 890387e7a31e1e67d87e6f170a6a7adef21307c3
- SHA256: 467d19258dba9ab3d9f1460683ccd6602f1dd906055bf97c02177b804a07a32d
- SHA512: b84788a81d9122d76105ad399ff07303cd5353a14d410e74d7691642c1a569883e9af37b99ce776eb65a8b81f6256a756eb7419d357939168a19817dee56b6ec
- SSDEEP: 6144:SmssMYod+X3oI+YfisMYod+X3oI+YjsMYod+X3oI+YQ:da5d+X3W5d+X3R5d+X3+
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description, ioc, process):
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes (pid, process): 1624 msedge.exe (2 entries); 640 msedge.exe (2 entries); 4640 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  Processes (pid, process): 640 msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid, process): 640 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process): 640 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description, pid, process, target process): all 64 entries are of the form "PID 640 wrote to memory of <target PID>", source 640 msedge.exe, target process msedge.exe. The target PIDs, each appearing repeatedly, are 64, 3952, 1624 and 2028.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 640)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b1fd7d85480aa32192c83a4c4b681619_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 64)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12380368576797346073,18021262266646748202,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,12380368576797346073,18021262266646748202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,12380368576797346073,18021262266646748202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3192)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12380368576797346073,18021262266646748202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1524)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12380368576797346073,18021262266646748202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12380368576797346073,18021262266646748202,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4436 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3776)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4056)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads