Analysis
- max time kernel: 138s
- max time network: 134s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-06-2024 08:48
Static task: static1
Behavioral task: behavioral1
  Sample: b2a456c0d18c8969f41edfa3dd0f1228_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b2a456c0d18c8969f41edfa3dd0f1228_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
- Target: b2a456c0d18c8969f41edfa3dd0f1228_JaffaCakes118.html
- Size: 156KB
- MD5: b2a456c0d18c8969f41edfa3dd0f1228
- SHA1: c4067b34c9b7beb1a3bdec4ad9b2d52c79fb69a3
- SHA256: 9ec301e2affabe4a4ccb7e63a61020f35a21b6aa558c4f1f02d2e083b60565e4
- SHA512: 5335307d1af4826039856275c5f87d012724451f1f6ec1a2570a1756b2f8f3085c508e5ce20e29e756d45cf58a0ab1f264be8b32e390c2493e6172ddb58ae5ec
- SSDEEP: 1536:i1RTXczbKeBCe3yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:ijre3yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
description         ioc                                                                     process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
-
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, msedge.exe, msedge.exe, identity_helper.exe
pid    process               entries
60     msedge.exe            2
2976   msedge.exe            2
3536   msedge.exe            4
4928   identity_helper.exe   2
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes: msedge.exe
pid    process      entries
2976   msedge.exe   6
-
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
pid    process      entries
2976   msedge.exe   25
-
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
pid    process      entries
2976   msedge.exe   24
-
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
All 64 entries are of the form "PID 2976 wrote to memory of <target PID>", with msedge.exe (PID 2976) as the source process and its own child msedge.exe processes as targets. Distinct rows:
description                         pid    process      target process
PID 2976 wrote to memory of 4432   2976   msedge.exe   msedge.exe
PID 2976 wrote to memory of 2272   2976   msedge.exe   msedge.exe
PID 2976 wrote to memory of 60     2976   msedge.exe   msedge.exe
PID 2976 wrote to memory of 4840   2976   msedge.exe   msedge.exe
Each row is repeated in the raw report (the 2272 and 4840 targets account for most of the 64 entries).
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b2a456c0d18c8969f41edfa3dd0f1228_JaffaCakes118.html
  PID: 2976
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcac446f8,0x7ffdcac44708,0x7ffdcac44718
    PID: 4432
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
    PID: 2272
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    PID: 60
    - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
    PID: 4840
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    PID: 4304
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    PID: 2460
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2768 /prefetch:2
    PID: 3536
    - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:8
    PID: 1684
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:8
    PID: 4928
    - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    PID: 4028
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    PID: 1220
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
    PID: 4268
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9251577208514838283,5550451864394596475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    PID: 2088
-
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 368
-
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4260
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5: dabfafd78687947a9de64dd5b776d25f
SHA1: 16084c74980dbad713f9d332091985808b436dea
SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b
-
Filesize: 152B
MD5: c39b3aa574c0c938c80eb263bb450311
SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232
-
Filesize: 6KB
MD5: 15d7c951d2ebc6e3763743854ee6c627
SHA1: 3365ee21771ebd70b8a69a3372d293f2e276a825
SHA256: d64fd00585063c409b354fb151d1177e4fef4d6245be6093889646d4aff31d91
SHA512: 2df9632de4f620f4cac640872e2eb918bf15cb56da40913cbd89672b8e12b0f7ca8cba5572dccf0a49aa694495434f65b433fca63dc15e393bca07a18556dcda
-
Filesize: 6KB
MD5: a837828ce8159528fa52576acd95ff74
SHA1: 63d2f14a6f6ec1b5546046a31ba473a5ed3c363f
SHA256: a677bd56d1064eb6e1046bb375c63dad0948fb2e3feba32cdebf937f709439f9
SHA512: 22c13e6734412192dff2bf956728eae6e2c420467b1e13d4e10f24415eba3c230cc988f1dcc4ca1c9890a5ec110d3603fc342bfb8db9db6e96ee6a78de5842d0
-
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 11KB
MD5: aa96a1d284810d50d7b3005e31ee8bf8
SHA1: 3569529690224bf3dd93cbff207e6faf6583da28
SHA256: 690293be0e4a1be2602b49eb04ab7b1478b3967cbd824937a84ce8c9a7be4ed0
SHA512: 44a1303bf619569ea5086a332de8a81bc2f5f595b899b3830a8ea3fcc70cc14f8e05d2829b5faa4f1a5a1511ee8d8285d37e13e1cb860d002b12cd7a0201355b
-
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e