Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
- submitted: 17/06/2024, 08:07
Static task
- static1
Behavioral task
- behavioral1
  - Sample: b78e7698c7baa08fa94be027a6397a2d_JaffaCakes118.html
  - Resource: win7-20231129-en
Behavioral task
- behavioral2
  - Sample: b78e7698c7baa08fa94be027a6397a2d_JaffaCakes118.html
  - Resource: win10v2004-20240611-en
General
- Target: b78e7698c7baa08fa94be027a6397a2d_JaffaCakes118.html
- Size: 269KB
- MD5: b78e7698c7baa08fa94be027a6397a2d
- SHA1: 4baf135564eb5d1ad0c68cc94793cba84dad0c0a
- SHA256: ba9d445983858256c06ee03143e608be4d0a6434a0be8b974f8d86ee7183eb73
- SHA512: d8a94b9974179958ffb04b458bc94dfb2992c5efdde8c57a99ded509fc0f5a04e52c2b614d825641afbebdbb2b77f8c4c6fcb3df07d45abeb23aaead1f490d2d
- SSDEEP: 3072:Hctu+rXiMBl4mskwTLMCjG6C7/XdF6Z2npsVQkykZeZ3E:uQmsP/MJ6CbCZ2npsVQkykZ0E
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                      | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid  | Process
1440 | msedge.exe
1440 | msedge.exe
4180 | msedge.exe
4180 | msedge.exe
4644 | identity_helper.exe
4644 | identity_helper.exe
2204 | msedge.exe
2204 | msedge.exe
2204 | msedge.exe
2204 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid  | Process
4180 | msedge.exe
4180 | msedge.exe
4180 | msedge.exe
4180 | msedge.exe
4180 | msedge.exe
4180 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs, all pid 4180 msedge.exe)
Suspicious use of SendNotifyMessage (24 IoCs, all pid 4180 msedge.exe)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4180)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b78e7698c7baa08fa94be027a6397a2d_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 812)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1080)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1440)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3680)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4164)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 464)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 440)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2204)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3776)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4984)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads