Analysis
-
max time kernel
145s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
14-07-2024 14:45
Static task
static1
Behavioral task
behavioral1
Sample
46461072c7a736496efdb6fb4bfcda82_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
46461072c7a736496efdb6fb4bfcda82_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
46461072c7a736496efdb6fb4bfcda82_JaffaCakes118.html
-
Size
21KB
-
MD5
46461072c7a736496efdb6fb4bfcda82
-
SHA1
7b67a8c61a645248551faf90ba1615cb633c9ea4
-
SHA256
8d928ef2df7e45395941c8e06ff01661daedc3cd149881c8d53d070e2dd3e4af
-
SHA512
3d8a3ca3416a9e2a523384e51f4181c141391634933186e1e2fa883ca9309705fa701bfee9d81151a32e8a54d57babc24ad705af8128b6fbcad905f0e8af26dc
-
SSDEEP
384:CsF/hv8IxTNGYlkASK1KNe9K+KE8K8sKcKcKlKNe9K5Q1TGP+2:CsF18IxTNGYlk5K1K89K+KnK8sKcKcK2
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2404 msedge.exe 2404 msedge.exe 1288 msedge.exe 1288 msedge.exe 2432 identity_helper.exe 2432 identity_helper.exe 1716 msedge.exe 1716 msedge.exe 1716 msedge.exe 1716 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe 1288 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1288 wrote to memory of 2100 1288 msedge.exe 83 PID 1288 wrote to memory of 2100 1288 msedge.exe 83 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 992 1288 msedge.exe 84 PID 1288 wrote to memory of 2404 1288 msedge.exe 85 PID 1288 wrote to memory of 2404 1288 msedge.exe 85 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86 PID 1288 wrote to memory of 3220 1288 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\46461072c7a736496efdb6fb4bfcda82_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1288 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1d1946f8,0x7ffa1d194708,0x7ffa1d1947182⤵PID:2100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵PID:992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:82⤵PID:3220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵PID:2500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:82⤵PID:3844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:12⤵PID:392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:12⤵PID:4324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:12⤵PID:4784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵PID:4480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,610935870904272408,17831660873728113439,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1716
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3888
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1092
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51f9d180c0bcf71b48e7bc8302f85c28f
SHA1ade94a8e51c446383dc0a45edf5aad5fa20edf3c
SHA256a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc
SHA512282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785
-
Filesize
152B
MD560ead4145eb78b972baf6c6270ae6d72
SHA1e71f4507bea5b518d9ee9fb2d523c5a11adea842
SHA256b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7
SHA5128cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde
-
Filesize
182B
MD55f0137a03670896cf7f2a4210373458c
SHA16d59e1a8778e3b2ffa81eb39316c55dcee25edca
SHA256bcacf42a96cda5c1b95295ed3be1045547425b5ae50b6aa4096b9e025bdf8fe2
SHA512aaf6459a0d6e868f1f36cc453ac608cd7573ff1cfdb886d522a68887070fc59a25b7216dd4001737e2dda2026ff9b504bf2816c4de4e92ffc7cf958fb4694d44
-
Filesize
6KB
MD52feea960919454c4f9dba41aa7a89404
SHA1fc229fa12dcb12928f914ff5d70cc04a48829076
SHA256950335b36a26e214761927630334d6c2cd01841cfe76cbf3851a50185be54ce3
SHA51221b9edd3470ee085ee96870bce02d2a116c9daed17ffc0cb5ebc3deb8ee4610a59fd4e5fb629da4f44d6bb20a937b091224bb0ca5ad6081bd50c398d7e5dcb6f
-
Filesize
6KB
MD549d9dc849062bae656fd3a65ff74c821
SHA1c8d4a65a002fab57b2e9a83e284c1db8631ef09d
SHA25603ea6959f1e86f07c2e2b8afb708b191f93d22184886c9cf6511f44960e9de82
SHA5122318f62b23220fb3b2e81ad91c2d24a2b96839cc4f562d98987b0ee5d5d0cc9c4a9438e0b0157cdf8ab1b82e13b3d854eff09ed420740421168f8728e3df70e6
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5390900b307fc157cf32d25efd5fae125
SHA1b53e07447bfe7f51fb66fdec62547e6ebbb5f795
SHA25668c33449c4288141faa65a521dab4eefc1ded96fa7d8b5e880331205c00d304a
SHA51275149c11d0ab342120613227e2ffdf8bd6c77fc13bad8610e99030205c92d3dffe956f7f1041b72452182d4fe983420b50ac7c700328e4efff554a443e677083