Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/07/2024, 23:11
Static task: static1
Behavioral task: behavioral1
- Sample: 5e133a93eebdd6a04af5ac593dae0e58_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2 (the task this report covers)
- Sample: 5e133a93eebdd6a04af5ac593dae0e58_JaffaCakes118.html
- Resource: win10v2004-20240709-en
General
- Target: 5e133a93eebdd6a04af5ac593dae0e58_JaffaCakes118.html
- Size: 10KB
- MD5: 5e133a93eebdd6a04af5ac593dae0e58
- SHA1: 3e7743b7339d936735fdaf9e619c92220a25d598
- SHA256: 6280ebfa11ce1d8412558bd90ddae46429c5163b4c95da4d8c6a7a5f28f814da
- SHA512: 0dc0ef6455acbad5fba9da7b4b92fff8492f0b476532a0b1a6ce14deae4dd23c084b24419491161bd445198307a84c559cbf6e8fc25f9f6b8f552d253f38b322
- SSDEEP: 192:Fohy15Mkz5GnOXwuhqvEm+DUX09qKeITgtpVMOs701CIgteSpOx7AcotQLcwux:6g15zAEQsHtQ1CIgUSpOsa41x
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
- PID 1576 msedge.exe (2 hits)
- PID 1740 msedge.exe (2 hits)
- PID 2940 identity_helper.exe (2 hits)
- PID 2468 msedge.exe (4 hits)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- PID 1740 msedge.exe (6 hits)
As the signature name states, this records PID 1740 creating child processes with the process-creation mitigation that blocks loading of non-Microsoft-signed binaries into the child. The only process triggering it is the Edge browser process, which is the parent of every child listed under Processes.
Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 1740 msedge.exe (25 hits)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 1740 msedge.exe (24 hits)
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 1740 msedge.exe wrote to memory of PID 3832 (procid_target 86), 2 records
- PID 1740 msedge.exe wrote to memory of PID 3432 (procid_target 87), repeated records
- PID 1740 msedge.exe wrote to memory of PID 1576 (procid_target 88), 2 records
- PID 1740 msedge.exe wrote to memory of PID 2188 (procid_target 89), repeated records
All 64 writes originate from the browser process (PID 1740) and target its own direct children as listed under Processes: 3832 is the crashpad-handler, 3432 the first gpu-process, 1576 the network-service utility and 2188 the storage-service utility, each started from the same msedge.exe image. The check that separates this from injection is whether the target is a child the writer just spawned and runs the same image; that holds for every record here, so on this report the signature reflects Chromium-style multi-process startup rather than a write into an unrelated process.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5e133a93eebdd6a04af5ac593dae0e58_JaffaCakes118.html
  PID: 1740
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 1740:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadc5c46f8,0x7ffadc5c4708,0x7ffadc5c4718
    PID: 3832
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    PID: 3432
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    PID: 1576
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
    PID: 2188
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID: 1636
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 5040
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
    PID: 1548
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
    PID: 2940
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
    PID: 1788
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
    PID: 1952
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
    PID: 2196
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    PID: 4156
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
    PID: 2468
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4416
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1140
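The WriteProcessMemory signature and the process tree above are what an analyst cross-references to decide whether cross-process writes are a browser setting up the children it spawned or a write into an unrelated process. The Python below is an added example, not part of the sandbox report or its tooling: it parses the report's flattened "wrote to memory" IoC text, looks each target PID up in a process table transcribed from the Processes section, and labels every writer/target pair by its place in the tree. The truncated IoC text, the process table, the label names and the hypothetical injection-style record (a write into CompPkgSrv.exe, which the report does not contain) are all constructed for the example.

```python
import re
from collections import Counter

# Constructed input: the first records of the report's flattened
# "wrote to memory" IoC text (the report lists 64 such records in total).
WRITE_IOCS = (
    "PID 1740 wrote to memory of 3832 1740 msedge.exe 86 "
    "PID 1740 wrote to memory of 3832 1740 msedge.exe 86 "
    "PID 1740 wrote to memory of 3432 1740 msedge.exe 87 "
    "PID 1740 wrote to memory of 3432 1740 msedge.exe 87 "
    "PID 1740 wrote to memory of 1576 1740 msedge.exe 88 "
    "PID 1740 wrote to memory of 1576 1740 msedge.exe 88 "
    "PID 1740 wrote to memory of 2188 1740 msedge.exe 89 "
)

# Hypothetical record, NOT in the report: a write into CompPkgSrv.exe, which is
# a separate root process and not a child of the browser. Used only to show
# what the classifier flags.
INJECTION_LIKE = "PID 1740 wrote to memory of 4416 1740 msedge.exe 90 "

# Process table transcribed from the Processes section:
# pid -> (parent pid, image, role taken from the --type / --utility-sub-type switches).
# Parent is None for the roots (depth-1 entries in the report).
PROCESSES = {
    1740: (None, "msedge.exe", "browser (--single-argument <sample>.html)"),
    3832: (1740, "msedge.exe", "crashpad-handler"),
    3432: (1740, "msedge.exe", "gpu-process"),
    1576: (1740, "msedge.exe", "utility network.mojom.NetworkService"),
    2188: (1740, "msedge.exe", "utility storage.mojom.StorageService"),
    1636: (1740, "msedge.exe", "renderer"),
    2940: (1740, "identity_helper.exe", "utility winrt_app_id.mojom.WinrtAppIdService"),
    2468: (1740, "msedge.exe", "gpu-process (--disable-gpu-sandbox)"),
    4416: (None, "CompPkgSrv.exe", "-Embedding"),
    1140: (None, "CompPkgSrv.exe", "-Embedding"),
}

# One record: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_write_iocs(text):
    """Count (writer_pid, target_pid, writer_image) triples in the flattened IoC text."""
    counts = Counter()
    for writer, target, pid_col, image, _procid in IOC_RE.findall(text):
        if writer != pid_col:
            raise ValueError(f"malformed record: description PID {writer} != pid column {pid_col}")
        counts[(int(writer), int(target), image)] += 1
    return counts


def classify_writes(counts, procs):
    """Label every writer->target pair by its relationship in the process tree.

    child-same-image : target is a direct child running the same binary; the shape
                       of Chromium/Edge multi-process startup, where the browser
                       process sets up each child it just spawned.
    child-other-image: direct child, different binary (worth a look, not alarming alone).
    foreign          : target is not a child of the writer; a write into an
                       unrelated process is the classic injection shape.
    unknown-target   : target PID is missing from the process table.
    """
    result = {}
    for (writer, target, writer_image), n in counts.items():
        entry = procs.get(target)
        if entry is None:
            label, role = "unknown-target", None
        else:
            parent, image, role = entry
            if parent != writer:
                label = "foreign"
            elif image == writer_image:
                label = "child-same-image"
            else:
                label = "child-other-image"
        result[(writer, target)] = {"count": n, "label": label, "target_role": role}
    return result


def suspicious_pairs(classified):
    """(writer, target) pairs an analyst should triage first."""
    return sorted(k for k, v in classified.items()
                  if v["label"] in ("foreign", "unknown-target"))


if __name__ == "__main__":
    report = classify_writes(parse_write_iocs(WRITE_IOCS), PROCESSES)
    for (w, t), info in sorted(report.items()):
        print(f"{w} -> {t}: {info['count']:>2}x {info['label']:<17} {info['target_role']}")
    print("to triage:", suspicious_pairs(report))  # [] for the report's own records
    with_injection = classify_writes(parse_write_iocs(WRITE_IOCS + INJECTION_LIKE), PROCESSES)
    print("with hypothetical record, to triage:", suspicious_pairs(with_injection))  # [(1740, 4416)]
```

On the report's own records every pair comes out as child-same-image and the triage list is empty; only the hypothetical write into PID 4416 is flagged as foreign. A real pipeline would build the process table from the sandbox's JSON export rather than transcribing it, but the decision rule is the same: the writer's relationship to the target, not the API name, is what carries the signal.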
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: c00b0d6e0f836dfa596c6df9d3b2f8f2
  SHA1: 69ad27d9b4502630728f98917f67307e9dd12a30
  SHA256: 578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1
  SHA512: 0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da
- Filesize: 152B
  MD5: 54f1b76300ce15e44e5cc1a3947f5ca9
  SHA1: c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7
  SHA256: 43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24
  SHA512: ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a
- Filesize: 180B
  MD5: e75179806fdb60b3337e8cd5b04cd6cf
  SHA1: 434a695c7607996cc4d1a0698d9214afe4d9fd38
  SHA256: a121c6f8b11a0682ab639049f50ef2a1b00b3a2a565d7686cc64f501056b7b19
  SHA512: e1e2f888005696fb33453f369efda963c71c15270338db02d812a1ad503c1dfd2a0f693c3f6a02ca2abb7cad631524b0481141646353c7b39adf44b09bf8464f
- Filesize: 5KB
  MD5: 72d20c02f6fcb009fb51f4570e7d7dc2
  SHA1: 69a75cdaff7ff2dddb846d50c611cff910503c5b
  SHA256: 21a3ad74fc078158d8948f2278c1d18751ad09746de2010c39186c47fe552ac2
  SHA512: 218e014efa5cdf42e94c3928af168fd271f8156c7fa892db5387838275beb28841650fc261a9cb8b6525aabe27214abb7f279c784158c1f30e4aa1eb0cd5e9f1
- Filesize: 6KB
  MD5: 156feff0870258b68c4141e7a294bb35
  SHA1: 2a7f175af2250b2d6095063f11b3838ed1f739ac
  SHA256: a5220c081efb88fe68c4fb1015f1696e28467c944b15ef945d48df64d99b9a5f
  SHA512: 93c2186f7db23ba269a47a85a9657a568427db2b50db6c787a20a8456a0ef432dc78f3bee3e64d4b787b3db7185b6e7596bbcb8a2602bd8a8329e2f8cdc55df4
- Filesize: 372B
  MD5: e60eb86c022728134cdefa6ccc20c2c3
  SHA1: a9634900a32b2baf3cf987a1befebf8ce649738b
  SHA256: b202ef3ec03c0196163e9a3b5006b64a025f4d351d052b9567f7de072b764b23
  SHA512: 7b87e4aba1fccbcd5921a5e023f24cfe2bd41f855ab630b2a6f9080cd5a871d65657c661c8b25d6a619bac1831a8942bce0074310b997d00d75d5e41962b4f97
- Filesize: 372B
  MD5: 73ab391d087cba191dca6040602d59b9
  SHA1: 2b9a7d6a7c3520eda7f95a79429c0f4895097307
  SHA256: 4a7262142dc7699201ebc67eaa6d9de19539df4ea370b7306c7dbde2b91bd1b5
  SHA512: a19397ee19650f45f9696409076eaf5a455c5c97ab36dd62fa073d7b348f9608b38b32bdfa16249c8b30916b7c4324ff0f3b5bd8c4c004eabeac223ee017ab76
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: c58350f16da65d219f5cd1d0b8b68953
  SHA1: dce8bb2f4da1b0a02010349f895481b0cbbf284e
  SHA256: f426d19c40b5bebaf6b58f1fb3514530f48ac5bbf55680279bb96f49e840feb3
  SHA512: d65bce7b78ff3d12b9d0bea0275179babc8ee14293c1fcaa356fef98661612c626a7cb5ecb5ecfc2707ee98ae774344d513576e693845808f9cff19b254d0204