Analysis
max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted
17-08-2024 05:29
Static task
static1
Behavioral task
behavioral1
Sample
a15b4939bf8c8c02e796af9741776448_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a15b4939bf8c8c02e796af9741776448_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
a15b4939bf8c8c02e796af9741776448_JaffaCakes118.html
-
Size
272KB
-
MD5
a15b4939bf8c8c02e796af9741776448
-
SHA1
901fdaa711f2f6d0d4ae8283db8fa3df5c69e21d
-
SHA256
5601845e0df106b91b3d4a739f7a2d4f9f00d4733b2d230dc2819220d9d2ca49
-
SHA512
89dba06236008fe7f766578d00daaec654d456ebd9139324cb8e23b9c189de28d18c8ca41a90f64a00057fb1f5db3d21a25c0d857c2c674f0ee2628c1a1b50f7
-
SSDEEP
6144:GRMRYeE+y630styzBzSzmPtocC20IusntfO8/3KHjtcmD:CMa3630st4Pt9C20Iusntm8/3KHjtLD
Malware Config
Signatures
-
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                  Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  These are the same BIOS keys a VM-detection check reads, but here the reader is msedge.exe itself, not a process the HTML sample launched.
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process      hits
  692   msedge.exe   2
  936   msedge.exe   2
  216   msedge.exe   4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process      hits
  936   msedge.exe   6
  All six come from the browser process (PID 936), which requests this process-creation mitigation (block non-Microsoft-signed images) for the children it launches.
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process      hits
  936   msedge.exe   25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process      hits
  936   msedge.exe   24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid   Process      procid_target
  PID 936 wrote to memory of 4704  936   msedge.exe   84
  PID 936 wrote to memory of 4564  936   msedge.exe   85
  PID 936 wrote to memory of 692   936   msedge.exe   86
  PID 936 wrote to memory of 528   936   msedge.exe   87
  (64 events in total, each one of the four rows above repeated.)
  Every target is a child that PID 936 launched itself: the crashpad handler (4704), the first GPU process (4564), the network service (692) and the storage service (528). The browser process writes into the sandboxed children it has just created before resuming them, so this is Edge's normal start-up rather than injection; a target PID outside the Edge tree would be the thing to look at.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1, PID 936)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a15b4939bf8c8c02e796af9741776448_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4704)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd91b146f8,0x7ffd91b14708,0x7ffd91b14718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4564)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 692)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 528)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3120)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1392)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2508)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4296)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2732)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1004)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 216)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6067881209975487809,18263825935749952223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5828 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 1912)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 4392)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
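The triage question this process tree and the WriteProcessMemory signature raise is whether the writes are injection or just a Chromium browser process setting up its own children. The check below, an added example and not code from the sandbox or from Microsoft, encodes that as three tests over the report's data: every WriteProcessMemory target must be a child the writer launched and the same image; every msedge.exe child must have a recognised --type and an msedge.exe parent; and children whose command line turns a sandbox off are listed separately. The process list and event pairs are transcribed from this report with command lines shortened to the flags the checks use; the function names and the Proc record are this example's own.

```python
"""Consistency checks for the WriteProcessMemory and process-tree data of a
Chromium/Edge sandbox run (added example; records below are constructed from
this report, command lines shortened to the relevant flags)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# Child kinds a Chromium browser process launches itself.
EXPECTED_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]  # None = depth-1 process with no parent in the report


# Constructed from the report's process tree.
PROCS = [
    Proc(936, EDGE, '"msedge.exe" --single-argument a15b4939bf8c8c02e796af9741776448_JaffaCakes118.html', None),
    Proc(4704, EDGE, '"msedge.exe" --type=crashpad-handler', 936),
    Proc(4564, EDGE, '"msedge.exe" --type=gpu-process', 936),
    Proc(692, EDGE, '"msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none', 936),
    Proc(528, EDGE, '"msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility', 936),
    Proc(3120, EDGE, '"msedge.exe" --type=renderer --renderer-client-id=6', 936),
    Proc(1392, EDGE, '"msedge.exe" --type=renderer --renderer-client-id=5', 936),
    Proc(2508, EDGE, '"msedge.exe" --type=renderer --renderer-client-id=7', 936),
    Proc(4296, EDGE, '"msedge.exe" --type=renderer --renderer-client-id=8', 936),
    Proc(2732, EDGE, '"msedge.exe" --type=renderer --renderer-client-id=9', 936),
    Proc(1004, EDGE, '"msedge.exe" --type=renderer --renderer-client-id=10', 936),
    Proc(216, EDGE, '"msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled', 936),
    Proc(1912, COMPPKG, "CompPkgSrv.exe -Embedding", None),
    Proc(4392, COMPPKG, "CompPkgSrv.exe -Embedding", None),
]

# (writer, target) pairs behind the 64 WriteProcessMemory events in the report.
WPM_EVENTS: List[Tuple[int, int]] = [(936, 4704), (936, 4564), (936, 692), (936, 528)]

TYPE_RE = re.compile(r"--type=([\w-]+)")


def child_type(p: Proc) -> Optional[str]:
    """Chromium --type of a child process, or None for the browser process."""
    m = TYPE_RE.search(p.cmdline)
    return m.group(1) if m else None


def check_wpm(procs: List[Proc], events: List[Tuple[int, int]]) -> List[str]:
    """Flag WriteProcessMemory events that are not a process writing into a
    child it launched itself. An empty list means every write fits the
    browser-initialises-its-own-children pattern."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for writer, target in events:
        w, t = by_pid.get(writer), by_pid.get(target)
        if t is None:
            findings.append(f"{writer} -> {target}: target not in process tree")
        elif t.parent != writer:
            findings.append(f"{writer} -> {target}: target is not a child of the writer")
        elif w is None or w.image.lower() != t.image.lower():
            findings.append(f"{writer} -> {target}: cross-image write")
    return findings


def check_tree(procs: List[Proc]) -> List[str]:
    """Flag Edge processes that break the one-browser-many-children shape."""
    findings = []
    by_pid = {p.pid: p for p in procs}
    edge = [p for p in procs if p.image.lower() == EDGE.lower()]
    roots = [p for p in edge if p.parent is None]
    if len(roots) != 1:
        findings.append(f"expected one browser process, found {len(roots)}")
    for p in edge:
        kind = child_type(p)
        if p.parent is None:
            if kind is not None:
                findings.append(f"{p.pid}: --type={kind} process with no parent")
            continue
        parent = by_pid.get(p.parent)
        if parent is None or parent.image.lower() != EDGE.lower():
            findings.append(f"{p.pid}: parent {p.parent} is not msedge.exe")
        if kind not in EXPECTED_TYPES:
            findings.append(f"{p.pid}: unexpected --type={kind}")
    return findings


def unsandboxed(procs: List[Proc]) -> List[int]:
    """PIDs whose command line switches a sandbox off; these matter most when
    the page turns out to be malicious, since no broker sits between them
    and the OS."""
    return sorted(p.pid for p in procs
                  if "--service-sandbox-type=none" in p.cmdline
                  or "--disable-gpu-sandbox" in p.cmdline)


if __name__ == "__main__":
    print("WPM findings:", check_wpm(PROCS, WPM_EVENTS) or "none")
    print("tree findings:", check_tree(PROCS) or "none")
    print("unsandboxed child PIDs:", unsandboxed(PROCS))
```

On this report both check functions return no findings, and the unsandboxed list is the network service (692, --service-sandbox-type=none) and the second GPU process (216, --disable-gpu-sandbox). Feeding a write from 936 into 1912 (CompPkgSrv.exe, which is not an Edge child) makes check_wpm flag it, which is the shape a real injection would take in this kind of report.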
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ab8ce148cb7d44f709fb1c460d03e1b0
  SHA1: 44d15744015155f3e74580c93317e12d2cc0f859
  SHA256: 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
  SHA512: f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4
- Filesize: 152B
  MD5: 38f59a47b777f2fc52088e96ffb2baaf
  SHA1: 267224482588b41a96d813f6d9e9d924867062db
  SHA256: 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
  SHA512: 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1650d2b7-cbb5-4aaa-aba5-d8f459b1f796.tmp
  Filesize: 1KB
  MD5: 80a4d679823368e6c1e68ba835528bfc
  SHA1: e48510766da62cbfe8c8845250b0ff40f40d5ab4
  SHA256: 1b428356a4a405856876564980d3a303ad710e9d75de4791957cb9332feffa8b
  SHA512: f885d395114fc18051ea7dbb7d26444fd8f5810ca4dc3b461aaeec6d163892db516b73a0865a3659b488cd0c9e6c0da0424195d0729b03faf248b77c230be008
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: 484d3e4a7db4f92cd56126e412a795a4
  SHA1: b68adc06c732e95453fea93666109411749ce8fc
  SHA256: fe6e78c5172498f27b461659ac630d1e3df891fed81105bf09e247177a6b9a58
  SHA512: b6270f8457dd733c171357d43fb0d70a3232f8197f632b5350899eeba4edbd0a7097b83256c3bde49095953544738369c1f85495a9386f5011e4539cd3cb02f3
- Filesize: 1KB
  MD5: 1701f610e8b8f0e6e32f7cb6fece6b12
  SHA1: 7554bf33f7e1c8929e62ace172eb5e40291a9469
  SHA256: 8b806ba4561fd67de4baf7a84e4ff7819533eb72860563b8a060e9ab58c7b5ce
  SHA512: ce325f622ad084a055f2e3d96d811426a0b5a50a13bd4d505fe68a3daff366e4ffad6ce665c1f69c920137c89aa4d517832624d9e7f2c2c4539428b752c2ed4c
- Filesize: 5KB
  MD5: 5508a3ccb7ef803f97c17c1104cbbdcf
  SHA1: 1eba8a0bbe1f373db15cac0d4d3b640d59ad9b94
  SHA256: 5505731dde118a9fcda08d39ceeff52001e0e495b8716d75e77f791eacd39c89
  SHA512: d38829711885054cb78c78a7e7dd601c1925637eb994ebf3e6f2cde10e90cf04e45c8a604ab0fce9d2ebe945969eb3d90e9d3d85e6f8c1b7829a78178f0eeddb
- Filesize: 6KB
  MD5: 2303940c9a433cd6220075073081026c
  SHA1: 7d6e6605bd52af6b317ef67f8890b5f6f726e7b2
  SHA256: 48ee4c245472399c6c11fb8e59070b9013dd0df4e2b3f143cb7229ee1be73a32
  SHA512: 2c4edf75ef058d8c0338dd30edaadabff9345c80e45458a275a0770e407ff669243331d7e7b6f4804688c5bd6d392c6e92f8cc53c0eecabc58474570fb540972
- Filesize: 6KB
  MD5: 6e46187aa274ee2ed92804c4707caf4c
  SHA1: 5b5f2c56656d57d8915ac230eac6953f457eb859
  SHA256: 6add85234c7ed03c255fa6008e944ff6585d834c189d2c44cd9e35549c75b91b
  SHA512: 5e5f23eb9f8c3be63404ed559749a83215c3b0c17af641262326945717ce7aa4bb775510e45d37408978a5a4c7f0d20bcaae78b813bb503613d0dd00b3c9a50f
- Filesize: 10KB
  MD5: 488e27a714d2039dd2ffe4bc0e0c2d53
  SHA1: ca58a37ba1f169710ecd603803e110a18a292a7f
  SHA256: 7fa5c91c3a2c8d949492defe33962fe1d239f0ad6735f69e9fe4971f021b427a
  SHA512: 46dc4e29e0dc815fbc8580b85809988f8964249d4b9f3b4ae8b18bffd7e5fc8b94c56cd1f9cd3cbdeb94dc6969780f791d0d506bb14937f7a2da46d48777ae22