Analysis
max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted
12/07/2024, 01:37
Static task
static1
Behavioral task
behavioral1
Sample
3b8672814943091a2975ebafb50baa82_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
3b8672814943091a2975ebafb50baa82_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
Target
3b8672814943091a2975ebafb50baa82_JaffaCakes118.html
Size
8KB
MD5
3b8672814943091a2975ebafb50baa82
SHA1
364dcfaec79236f6cbde2230c4746fdf71591a61
SHA256
9ed9723d98ebec92d71b2cd9893b08b83a5d070dbf4db90057fe9005c92caff6
SHA512
6bc553233bdf72233dad14b0b4a767da84db991c096e8c82782ba331b9104d710ce719fdd97b39f1c311f1f97930eb4cde06cf9acdf78e80ba2d6c9adc2cdefb
SSDEEP
192:7hLEgZ9o7K0rICrcLTC8WazlZdJ5DR52JI:7hLEgZ9o7EChazlLmK
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
3928  msedge.exe
3928  msedge.exe
2548  msedge.exe
2548  msedge.exe
1412  identity_helper.exe
1412  identity_helper.exe
3680  msedge.exe
3680  msedge.exe
3680  msedge.exe
3680  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid   Process
2548  msedge.exe  (7 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
2548  msedge.exe  (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2548  msedge.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 2548 wrote to memory of 1212  2548  msedge.exe  83  (2 entries)
PID 2548 wrote to memory of 2172  2548  msedge.exe  84  (repeated entries)
PID 2548 wrote to memory of 3928  2548  msedge.exe  85  (2 entries)
PID 2548 wrote to memory of 2136  2548  msedge.exe  86  (repeated entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b8672814943091a2975ebafb50baa82_JaffaCakes118.html
  PID: 2548
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce80b46f8,0x7ffce80b4708,0x7ffce80b4718
      PID: 1212

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
      PID: 2172

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      PID: 3928
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
      PID: 2136

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      PID: 2296

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      PID: 1588

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
      PID: 4696

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
      PID: 4616

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
      PID: 1412
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
      PID: 5104

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
      PID: 4808

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
      PID: 4076

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
      PID: 5096

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1850794105876386543,9735917508889338667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2
      PID: 3680
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 344

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1684
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
152B
MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2
SHA1
69ad27d9b4502630728f98917f67307e9dd12a30
SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1
SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Filesize
152B
MD5
54f1b76300ce15e44e5cc1a3947f5ca9
SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7
SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24
SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Filesize
6KB
MD5
afd1304f2de7b36f24860d4e020b76e8
SHA1
47424b2010b899a2a9aa52b9eea1f311531bee18
SHA256
a9111d33724a86cb10630926d0fffd54c079d00c24f2d742cfdbbd3910b2e60d
SHA512
09dfd9e237fbca3a4f8968c731b0514e08a8af30627d601f983188cd4a1619644138f94352c1c05ee32339eb665ceb76604f44d1cdbe17a722d96be459ce7b03

Filesize
6KB
MD5
7668c1d379f55de3828c6a570269ac2f
SHA1
6f14e9a9b090f374edb3f1d653e87f8a04b442e7
SHA256
91dca7044a364b7b90b68a4819276e6bc46c55ec94ec4d04afbb66443e5772c4
SHA512
0196490dc03eef880c34fb24506c9076b6e0dbd1795cdcee1ec133f46c1c06b75407606aabf9c0995a5be4e7b1585bd04edfe8b8c4661974797620b497ef3282

Filesize
16B
MD5
6752a1d65b201c13b62ea44016eb221f
SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize
11KB
MD5
971de211738530d1487b40b75c85646b
SHA1
f40f69f09260100d14157c7b026e1e90eb60535d
SHA256
e00bc2c35dd7ee5386b4e604d8e125229c6ed485e29f816a49a7262272694ab6
SHA512
b509d033212e38eeb377e84cf0624a4be5b40976b6a90825099032dfd67995b31864308df485bc16e57d9491f16d28934a1af2783e021c0bbe23c06ee6d76228