Analysis
max time kernel: 145s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-06-2024 06:08
Static task: static1
Behavioral task: behavioral1
  Sample: b20e56708fccfe5b11cd616952ec381d_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: b20e56708fccfe5b11cd616952ec381d_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: b20e56708fccfe5b11cd616952ec381d_JaffaCakes118.html
Size: 157KB
MD5: b20e56708fccfe5b11cd616952ec381d
SHA1: 97b31837311ccd2d7f834fe58a0c54d18ef81a5d
SHA256: b003ad07f887dbd56b260ec3b6d70bb2936592e50d0df67d5bd08106414731d8
SHA512: c5b21ec0f3ae921d3d2e5650298566ea28a682c7a7e275d851f188ee42f4ce733f320bb85db4041d98b9b1ecfc8b4a585c48dcf2c801d2a005fb0e0bda97d09e
SSDEEP: 1536:iFRT/B7hRLaEDIlVultmyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wee:iz9lUm/myfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
  description       | ioc                                                                  | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid  | process
  4060 | msedge.exe
  4060 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  2220 | identity_helper.exe
  2220 | identity_helper.exe
  5040 | msedge.exe
  5040 | msedge.exe
  5040 | msedge.exe
  5040 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes: msedge.exe
  pid  | process
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
  pid  | process
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
  pid  | process
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
  4304 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes
msedge.exe (PID 4304)
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b20e56708fccfe5b11cd616952ec381d_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  msedge.exe (PID 3196)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
  msedge.exe (PID 4416)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  msedge.exe (PID 4060)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  msedge.exe (PID 5004)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  msedge.exe (PID 1232)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  msedge.exe (PID 1208)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  identity_helper.exe (PID 3932)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
  identity_helper.exe (PID 2220)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  msedge.exe (PID 2088)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  msedge.exe (PID 3604)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  msedge.exe (PID 1112)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  msedge.exe (PID 4216)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  msedge.exe (PID 5040)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12344224757952527184,10647965436976883066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
CompPkgSrv.exe (PID 2136)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
CompPkgSrv.exe (PID 1368)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads