Analysis
max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted
17/08/2024, 22:54
Static task
static1
Behavioral task
behavioral1
Sample
a478677800bf6f26075983270f7d4ebc_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a478677800bf6f26075983270f7d4ebc_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
Target
a478677800bf6f26075983270f7d4ebc_JaffaCakes118.html
Size
121KB
MD5
a478677800bf6f26075983270f7d4ebc
SHA1
9cb0b2bd83493c27bdec2bdf89965b3278de12c0
SHA256
60d7f0e8cbc0d48742456714fc66f39863c3392890d09678ef5a236289fbcaba
SHA512
8f7d249934901252730d6d2593d694bafc781c3428ce167554c2cae37cff79fee64681b854b1481c407dc10dec6e0c75d9d1359a1f381d72cd6a77d4ade45828
SSDEEP
768:10xo8zVfDO2uviLkzvA/tCod2dntgh8mSiBK02m5g/5m1slnRjZW:106CVMMkzkCo4dtKtSiBK02Mg/5mKxRc
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process
768   msedge.exe
768   msedge.exe
224   msedge.exe
224   msedge.exe
1980  msedge.exe
1980  msedge.exe
1980  msedge.exe
1980  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid   Process
224   msedge.exe  (5 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
224   msedge.exe  (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
224   msedge.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                      pid  Process     procid_target
PID 224 wrote to memory of 1996  224  msedge.exe  84
PID 224 wrote to memory of 3516  224  msedge.exe  85
PID 224 wrote to memory of 768   224  msedge.exe  86
PID 224 wrote to memory of 2860  224  msedge.exe  87
(the report lists one row per write; each of the four parent/child pairs above is repeated, 64 rows in total)
Processes
(child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a478677800bf6f26075983270f7d4ebc_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 224

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb538f46f8,0x7ffb538f4708,0x7ffb538f4718
    PID: 1996

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
    PID: 3516

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 768

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
    PID: 2860

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 2856

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    PID: 4828

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
    PID: 2044

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
    PID: 1740

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
    PID: 560

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,4060130637856905124,10501223741773122406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4624
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize  152B
MD5       ecf7ca53c80b5245e35839009d12f866
SHA1      a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256    882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512    706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Filesize  152B
MD5       4dd2754d1bea40445984d65abee82b21
SHA1      4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256    183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512    92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Filesize  5KB
MD5       32fa60974505891dfa2cfd7b4371ba03
SHA1      0444b84e518a47077b663f360f1bfe4981e44b0c
SHA256    1e17175d3a5c0a9b841bd8accfa92a441d454ef71d682d68360cb382a53e9acc
SHA512    fc2c1d8922ae265188cf53583049f694878586e03fc12d49dea98d3855eb566955c60c6c84fded17a5b5482dda97f0cf6825827516d0c1e49d302b594aa4203e

Filesize  6KB
MD5       17dbe150ed5953ca348df44d691b54e8
SHA1      58ca55fec7950b42294c412c84b48566f0f68d05
SHA256    71946917823ca64da7510755802050c75ffeb3eb5c9dc2e6931d35969b5fe04c
SHA512    fe180e765b5a42478d94de27d3c5bf88a5e4b63ae6129c71b5149d9d5a608d6d82428ad5ae73cd391414b1b8b6079b94f535de74ba750e9f178e85168baa003d

Filesize  6KB
MD5       a8579ac916ebccce66ce19157b533eb2
SHA1      87f269622a60ed4e9598c6dfb59ceb4919e89e78
SHA256    815402141626b3090153c7e257474c36bfab8fe5e9c357966cbf403fa5448653
SHA512    ca37e2ace3e5cd1a5c7315f52f1d7170233b38d167c3553448e576ed8bb72208d49e6376f5783aeefa60f2b57d8c054cbffa8020ab5f7612a84f374358402fe7

Filesize  10KB
MD5       9c8f9c2d6e653448df6a4a1241535f81
SHA1      96a8d5db74697d794f1f94432b6fee926c341fee
SHA256    ee19f8e2ea149e15dda108d1b3f340f46f8dcecb41c85397a51668ba374187d4
SHA512    9a099956668a6f77b8c8f2a247f07616323238eaa71c1ef66dd919c2ab44e28bda29c06701b078e8d94211aa3c1f56c7349a44cf06645f7f4649266dee84cd0c