Analysis

max time kernel: 148s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/08/2024, 09:16

Static task: static1
Behavioral task behavioral1: sample c06b7a579545e34a1238db25d57aa1ea_JaffaCakes118.html, resource win7-20240729-en
Behavioral task behavioral2: sample c06b7a579545e34a1238db25d57aa1ea_JaffaCakes118.html, resource win10v2004-20240802-en (the run shown in this report)

General

Target: c06b7a579545e34a1238db25d57aa1ea_JaffaCakes118.html
Size: 3KB
MD5: c06b7a579545e34a1238db25d57aa1ea
SHA1: 1f1ccae07fb11e0cd00d86f9a82d70396f688d8f
SHA256: 5e7a9812bdc29a161480980d20173dfbaa75c696db9ddbb6de86e2dc9077f959
SHA512: b9cb69ac8b980febdfdd83e7e08ea3ac8fd3486ef5b7215de5897c3edbccb923412199bd31fafb0424a7fe96d3ef5a1412b56c7b49274f4326afd1e87a626276
Signatures

Every signature in this run fires on Edge's own processes (msedge.exe and the identity_helper.exe shipped with it) while they render the sample. The only non-Edge processes recorded are two CompPkgSrv.exe instances, and no signature is attached to them.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                       process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid     process
  3472    msedge.exe (x2)
  552     msedge.exe (x2)
  3720    identity_helper.exe (x2)
  4708    msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid     process
  552     msedge.exe (x6)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid     process
  552     msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid     process
  552     msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs; the report repeats each parent/child pair many times, collapsed here to the distinct pairs)
  description                         pid     process      procid_target
  PID 552 wrote to memory of 2448     552     msedge.exe   84
  PID 552 wrote to memory of 1096     552     msedge.exe   85
  PID 552 wrote to memory of 3472     552     msedge.exe   86
  PID 552 wrote to memory of 1616     552     msedge.exe   87
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 552, top level)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c06b7a579545e34a1238db25d57aa1ea_JaffaCakes118.html
  signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  children of PID 552:

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2448)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf51a46f8,0x7ffbf51a4708,0x7ffbf51a4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1096)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3472)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1616)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2856)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3932)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 1872)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3720)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
    signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3596)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4540)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3652)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2108)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4708)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1230608639024244361,3582522559256018105,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4060 /prefetch:2
    signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4888, top level)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 2388, top level)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
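The two things worth checking in a process tree like this are whether the browser spawned anything that is not itself a browser binary, and which of the Chromium service processes were launched without a sandbox. The script below is an added example and is not part of the report or of any sandbox vendor's tooling. It rebuilds parent/child edges from the "PID X wrote to memory of Y" rows of the WriteProcessMemory table, checks every child's image against the Edge install directory named in the report, and reads the Chromium role flags (--type, --utility-sub-type, --service-sandbox-type, --disable-gpu-sandbox) off each command line. The process list and IoC rows are transcribed from this report, with command lines shortened to the flags the script inspects; the "unsandboxed" reading of --service-sandbox-type=none and --disable-gpu-sandbox is this example's interpretation of those Chromium switches.

```python
"""Triage helper for an Edge/Chromium process tree taken from a sandbox report.

Added example, not part of the report. It (1) rebuilds parent->child edges from
"PID X wrote to memory of Y" IoC rows, (2) flags any child whose image does not
live under Edge's install directory, and (3) reads the Chromium role flags off
each command line so unsandboxed service processes are visible at a glance.
"""
import re
from collections import defaultdict

# Install directory as it appears in the report (compared case-insensitively).
EDGE_DIR = r"c:\program files (x86)\microsoft\edge\application"

# Process list transcribed from the report; command lines shortened to the
# flags this script inspects (the full lines are in the Processes section).
PROCESSES = {
    552:  (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
           r"--single-argument C:\Users\Admin\AppData\Local\Temp\c06b7a579545e34a1238db25d57aa1ea_JaffaCakes118.html"),
    2448: (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
           "--type=crashpad-handler"),
    1096: (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
           "--type=gpu-process"),
    3472: (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
           "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    1616: (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
           "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    2856: (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
           "--type=renderer --renderer-client-id=6"),
    3720: (r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe",
           "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    4708: (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
           "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    4888: (r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
}

# WriteProcessMemory IoC rows constructed from the report's table; duplicates
# are kept on purpose because the report repeats each parent/child pair.
WPM_IOCS = """\
PID 552 wrote to memory of 2448 552 msedge.exe 84
PID 552 wrote to memory of 2448 552 msedge.exe 84
PID 552 wrote to memory of 1096 552 msedge.exe 85
PID 552 wrote to memory of 1096 552 msedge.exe 85
PID 552 wrote to memory of 3472 552 msedge.exe 86
PID 552 wrote to memory of 1616 552 msedge.exe 87
"""

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
FLAG_RE = re.compile(r"--([a-z0-9-]+)(?:=(\S+))?")


def parse_wpm(text):
    """Map parent PID -> sorted list of distinct child PIDs it wrote into."""
    edges = defaultdict(set)
    for m in WPM_RE.finditer(text):
        edges[int(m.group(1))].add(int(m.group(2)))
    return {p: sorted(c) for p, c in edges.items()}


def chromium_role(cmdline):
    """Pull the Chromium process-role switches out of a command line."""
    flags = dict(FLAG_RE.findall(cmdline))
    return {
        "type": flags.get("type", "browser"),  # no --type: the browser (parent) process
        "subtype": flags.get("utility-sub-type"),
        "sandbox": flags.get("service-sandbox-type"),
        "gpu_sandbox_disabled": "disable-gpu-sandbox" in flags,
    }


def triage(processes, edges):
    """One row per process: Edge binary or not, Chromium role, sandbox state, parent."""
    parent_of = {c: p for p, kids in edges.items() for c in kids}
    rows = []
    for pid, (image, cmdline) in processes.items():
        in_edge_dir = image.lower().startswith(EDGE_DIR)
        role = chromium_role(cmdline) if in_edge_dir else None
        unsandboxed = bool(role) and (role["sandbox"] == "none" or role["gpu_sandbox_disabled"])
        rows.append({
            "pid": pid,
            "image": image.rsplit("\\", 1)[-1],
            "parent": parent_of.get(pid),
            "edge_binary": in_edge_dir,
            "role": role["type"] if role else None,
            "subtype": role["subtype"] if role else None,
            "unsandboxed": unsandboxed,
        })
    return rows


def suspicious_children(rows):
    """Children of an Edge process whose image is not itself an Edge binary."""
    return [r for r in rows if r["parent"] is not None and not r["edge_binary"]]


def unsandboxed_services(rows):
    """PIDs of Edge processes launched with the service or GPU sandbox off."""
    return sorted(r["pid"] for r in rows if r["unsandboxed"])


if __name__ == "__main__":
    rows = triage(PROCESSES, parse_wpm(WPM_IOCS))
    for r in rows:
        print(f"{r['pid']:>5} {r['image']:<20} parent={r['parent']} role={r['role']} "
              f"subtype={r['subtype']} unsandboxed={r['unsandboxed']}")
    print("non-Edge children of Edge:", [r["pid"] for r in suspicious_children(rows)])
    print("unsandboxed Edge service processes:", unsandboxed_services(rows))
```

On this report the first check comes back empty: every child written to by PID 552 is msedge.exe, and the CompPkgSrv.exe instances have no recorded parent edge. The second check lists the network service (3472), identity_helper (3720) and the second GPU process (4708), which is exactly what their command lines say; the value of the script is that it makes those three stand out without reading every flag by hand.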
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: d7114a6cd851f9bf56cf771c37d664a2
SHA1: 769c5d04fd83e583f15ab1ef659de8f883ecab8a
SHA256: d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
SHA512: 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Filesize: 152B
MD5: 719923124ee00fb57378e0ebcbe894f7
SHA1: cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
SHA256: aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
SHA512: a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Filesize: 276B
MD5: 63e94862b42530f86676ad4d8dad984d
SHA1: 3fd2230f79711e641c7d8bc1fc8f6d671319aec8
SHA256: 02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25
SHA512: 8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff

Filesize: 5KB
MD5: 1d2ed0a2ce62c39ea6ee0c71637d5140
SHA1: 43d52bd72090a56bc8bfb32cff4d47fc879cd9e7
SHA256: e804cd137f52c6dede8c7d393b76fb9ea4e9756fcdeb7cb20d39618d180b1157
SHA512: d37fd82c328d119c58eb8171a04cb931b273d2a1cac71cf54aa5aa8f3d8cce4473a32a2c27f828e3141c43559e33b1c78a24f4abb7de8cfea4047dde22b4c6d4

Filesize: 6KB
MD5: 9adc7b5cb4f7675ab47d4413f21bd1ee
SHA1: e9632daa0d0a6bc542dafc382aec4bf87db450c4
SHA256: 1cdb718da7cb1977a01c91b08f57eb875c0c987337665a24120f727a9cb1558b
SHA512: be3015180594f2398131e20b4f19ec8c51ab045bfc028696a40d3f8cc9ccf355748da874773f5fea2f71c1c6adc256f68fb681965d9f9209e17f43c7e356dc08

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: ab74e32c681b0edfdd2b9e51709590f8
SHA1: 56c0b1877e4821bca25403517044de2cddee1aa3
SHA256: d6eadd028ade74cd30620d3bfce2db650d3a751e41f3c51cd9d28073138f8d6e
SHA512: 943fe8ddc29725585366daa6d09620ff6ddf69451aced166e34dca97df5eaa68a9b6252fd2a86e001f87d278568acdbe7b9f9ccfffb228c3baf8fb7e816c8368